Information Flows at Pacific Command’s Synchronization Hub
The chief information office implements innovative initiatives for interoperability.
Establishing a Mission Partner Environment, a warfighting network and operating environment that allows for greater data sharing and mission planning with partner nations, is a top priority for the chief information officer of the U.S. Pacific Command. As part of that effort, the office has categorized the different types of information systems—and who should control the cyber operations for each—and has created a prototypical virtual enclave that may be adopted for the Navy’s Next-Generation Enterprise Network.
The command has one of the most complex operating environments in the world. Its area of responsibility includes roughly half the Earth’s surface, stretching from the waters off the U.S. West Coast to the western border of India and from Antarctica to the North Pole. The 36 nations that make up the region are home to several of the world’s largest militaries.
Randall Cieslak, the chief information officer, works to tie together Defense Department efforts across the region. “My office is a hub where we can synchronize all the C4I [command, control, communications, computers and intelligence] efforts across all of the military services,” Cieslak says. “Using the Mission Partner Environment and the Joint Information Environment, my office is able to bring together Army, Navy, Air Force, Marine Corps and intelligence [community]-associated system efforts on a common framework and identify where there are interoperability issues as well as wasteful duplication.”
The current aging infrastructure also presents challenges. “With today’s information infrastructure, we have to build out separate infrastructures for every different mission partner,” Cieslak explains. “Within the Joint Information Environment, we intend to embed the Mission Partner Environment, which basically allows us to do joint and combined operations on the same operation infrastructure.”
Adding to the complexity, spectrum, bandwidth and cyberspace are all becoming more contested, meaning the chief information officer (CIO) must work diligently to “confront those challenges and continue to make sure C4 systems are available to our warfighters,” he declares.
In that vein, Cieslak’s office earlier this year established four categories of information systems. “We’ve developed an assessment plan to evaluate the merits of different command relationships in regard to centralized or decentralized cybersecurity operations,” Cieslak reveals. “In other words, can we do cybersecurity better at Cyber Command, or can we do it better here at Pacific Command, or is there sort of a hybrid? We’ve informed our national leadership with some of the optimal ways of conducting cybersecurity operations.”
The four categories are enterprise, sub-enterprise, mission and administrative systems. “Enterprise systems are cloud systems most folks use—systems that support the whole enterprise, the entire Department of Defense,” Cieslak explains. “It’s best to operate those in a centralized manner because they are actually implemented for the entire department.”
Sub-enterprise systems are those that are not quite at the enterprise level, but they “aspire to be,” Cieslak says. The category includes officer evaluation reports, which serve the same purpose across the services, but each service has its own forms and systems. “It would behoove us, being a joint command, to take some of these processes and make them enterprise processes so that we don’t have to spend money on multiple systems,” the CIO offers.
Administrative systems are those used “for day-to-day work, but they’re not enterprise systems,” he explains.
Mission systems are needed for warfighting. “A mission application is like a command and control or intelligence system or a specific function application needed for operations. It is important for those systems to be located as close to the warfighter as possible in order to minimize the area of vulnerability, be it the area or the number of folks who have access to those systems. They would be, to us, the most important systems,” Cieslak asserts.
His office’s assessment resulted in suggested protocols for cybersecurity operations—including who should conduct those operations—for each type of system. “It’s a set of guidelines in order to determine, based on the situation, which is the best way to place the emphasis [on cybersecurity], be it centralized or decentralized,” Cieslak reports. “Characterizing systems in those four categories informs us as to how to apply cybersecurity and who has authority over those systems. It helps the whole enterprise, mainly Pacific Command or [combatant commands], for what we care most about, which is our mission systems.”
He emphasizes why decentralized support is important: “We have to be able to operate those mission systems and ensure they are available for the defense of the nation.”
The guidance offered is intended to avoid future confusion over who is responsible for the cybersecurity of each system. “One of our problems is that we get mixed up. We start talking about an enterprise system and treating it like a mission system as if we’re going to spread it all over the world and some entity in Washington, D.C., or Fort Meade is going to manage or control how a mission system is going to operate,” Cieslak attests. “I know the leadership understands that a mission system for a particular operation shouldn’t necessarily be controlled all the way back in Washington.”
He concedes, however, that the guidelines could prove controversial. “There will always be someone who will get their feathers ruffled over whether a system should be centralized or decentralized,” he says. Cieslak divides people into two camps: those who care primarily about the mission and those most concerned with maintaining control over resources. The former will decide the guidelines make sense and “roll along with it,” he says. The latter will want to “maintain their resources at all costs and will always make up a reason to keep a system either centralized or decentralized under their control.”
Cieslak says he hopes the result of the assessment and guidelines is “a better understanding [of] which systems should be treated as enterprise systems that could go into the cloud, subject to efficiency reductions, and those [mission] systems are just not appropriate.” With the assessment complete, the next step will be to inventory the command’s systems that fall under each category.
The CIO team also has prototyped what Cieslak refers to as agile virtual enclaves as part of the Mission Partner Environment. The Pacific Command has about 1,000 multi-enclave client workstations throughout the theater, a relatively small number compared with the size of the theater, Cieslak says. Additionally, within the network itself, the command uses multiple versions of the Combined Enterprise Regional Information Exchange System (CENTRIXS), a different one for each partner nation. The command essentially is placing those CENTRIXS systems into agile virtual enclaves.
“We have to accommodate partnerships with Japan, Korea and many other nations. Using the Mission Partner Environment through the Joint Information Environment, we are attempting to use virtualization technologies in order for us to provide those joint and combined operations on a single information infrastructure. At the same time, [we are] becoming more efficient and effective because we can reuse that same infrastructure,” he contends.
Rather than use government cryptographic solutions, the concept takes advantage of the National Security Agency (NSA) and Central Security Service’s Commercial Solutions for Classified Program, which enables commercial products to be used for protecting classified data. “That gives us tremendous advantages in cost reduction and the ability to provide [cryptography] to countries that we can’t currently provide the U.S. crypto to,” Cieslak explains.
The virtual enclaves have been “scraped together” using funding from a variety of advanced concept technology demonstrations. “We prototyped all of this during Rim of the Pacific exercises with Pacific Fleet last year. We have some prototypes, and we hope to do more and more operations on that—get our forces to fully appreciate the agility and flexibility that we have,” Cieslak states. “In a few months, I think we’ll reach a breakthrough.”
The Pacific Command is partnering with Central Command on the virtual enclave effort. “They have the lead in doing something very similar called data center virtualization,” he says. “Right now, servers with a specific security classification level have to have their own hardware. But what Central Command is doing is working with NSA in order to use virtual machines that can be hosted on one single piece of hardware or on a single set of hardware, which gives greater agility in the server rooms as well.”
Cieslak’s office is attempting to provide a more rigorous cost assessment of the enclaves. “The leadership in Washington has to understand this reuse of common infrastructure using virtualization—with the security that goes with this—is going to cost us a lot less, give us a lot more agility and allow us to reach into places we can’t with our current ponderous infrastructure,” he elaborates.
One of the challenges has been finding a program of record to help transition the prototypes. “The problem we have is that the Joint Information Environment that we’re aiming at is not a program of record, so we’re trying to jump what is known in the acquisition community as the ‘valley of death’ from the good ideas and innovation of research and development into a formal program,” Cieslak says. “As everyone knows, the acquisition system is not equipped to handle the rapid demands of information technology.”
But there may be hope on the horizon. “We keep looking for programs of record, or just programs, in order to adopt this technology and implement it, and actually, we have made some success with that. The Navy’s Next-Generation Enterprise Network has adopted this technology and is continuing to forward this prototype and make that transition,” he reports. “On the path that we’re on, I think we can implement it by 2020.”