DISA Reduces Systems Into One CyberNetOps Solution
The U.S. Defense Department’s information technology combat support agency plans to hit the kill switch on a number of systems to improve network management. The Defense Information Systems Agency is converging functions such as network operations, defensive cyber operations and network situational awareness, thanks to smart, automated technologies. Most network management technologies will be eliminated by 2021 in favor of one system, or perhaps a suite of systems. The agency is working toward a converged, integrated solution that will provide the complete set of tools needed to gather big data and to operate, visualize, sustain, maintain and defend the system.
A network management system allows administrators to monitor and manage a network’s various components, both hardware and software. It usually records data from a network’s remote points to carry out central reporting to a system administrator. The key benefit is that it permits users to monitor and manage all business operations using a central computer, according to Techopedia.com.
The agency, known as DISA, recently completed an 18-month effort to identify approximately 200 network management systems for elimination at operations centers worldwide. The various tools have been developed and deployed over a number of years. Most were implemented at a time when technologies were tailored for specific functions. For example, because of the way the budgeting process worked before the September 11, 2001, terrorist attacks, the Secret Internet Protocol Router Network (SIPRNet) and the Non-classified Internet Protocol Router Network (NIPRNet) each used its own set of tools.
“The best practices at the time called for the SIPRNet and NIPRNet to have a silo of operations and functions and tools and processes and people,” explains James “J.T.” Travis, who leads DISA’s Network Operations Division. “It became very clear there were some inefficiencies in that world. If the SIPRNet people had an emergency and needed some help ... it would have been illegal for the NIPRNet person to help out a SIPRNet person because they had different funding.”
Travis lauds many of the tools that are in place, but he says some are no longer optimal. “We had some amazing leaders in DISA in the old days, and they created some highly capable management solutions. But now the imperative is to unwind some of those superior designs and create an even more superior integrated system,” he elaborates.
Before systems are turned off, however, DISA will need to develop the tactics, techniques and procedures for the final solution and ensure that the work force is adequately trained. Systems deemed most capable may be expanded rather than killed. Travis says the agency must move purposely but carefully.
“If we screw it up, the things we could negatively affect in the warfighter realm are powerful. The IP [Internet protocol] networks that we deploy link directly into the IP networks deployed by the warfighters, and if we break, they break,” he declares. “The command and control of [information technology] is a very human-intensive activity. Humans are not automatons. They think. They care. They want to do the right thing for the warfighter. We have to proceed with urgent diligence.”
Travis adds that the current network management environment, which took 40 years to create, cannot be dismantled overnight. “I just can’t turn it off until its replacement works,” he states.
The primary driver of this change is the convergence of network management tools enabled by automation. “We in DISA see that the world of NetOps, the world of situational awareness analytics and defensive cyber ops are converging into one integrated body of work,” Travis says. “I like to use the term ‘CyberNetOps’ because it is, in fact, moving net management to the next layer of operating it, defending it and looking for the analytics.”
For example, network operations personnel and cyber defense personnel now are using the same tools to accomplish the mission, he explains. “And the tools that the commercial marketplace is delivering are getting smarter and smarter and having analytics built into them,” Travis adds.
In this case, however, the term “analytics” may not suffice. “If I could rename analytics, I would call it ‘Answers to Questions You Didn’t Know You Were Supposed to Be Asking Without Having to Ask the Question in the First Place.’ That’s what analytics should be able to do for us,” he says.
Machine learning and automation likely will make that vision a reality in the coming years. “That’s how we see the future of this. We will ruthlessly automate,” Travis asserts.
Automation will allow humans to focus on the most important tasks. “As we automate more things, we will free up labor to move into those higher-level functions where the computer isn’t smart enough to figure it out yet. We will automate everything but leadership,” he says. “The tools that vendors are providing ... have more and more ability to manage themselves without human beings, but there are still decisions leaders need to make.”
Funding, of course, presents a challenge. Travis points out that his office has seen a 20 percent budget cut without a reduction in its mission.
A reallocation of work functions within DISA accompanies the convergence of network management tools. The Network Operations Division that Travis leads will be renamed the CyberNetOps Solutions Division within the Cyber Development Directorate. It is currently responsible for NetOps capabilities, and later this year also will be responsible for defensive cyber operations and situational awareness and analytics capabilities.
The convergence also will change the way the agency’s operations section prepares for combat. “The ops group is, in fact, re-engineering how they organize for battle, expecting a converged tool space to appear,” Travis reports.
Network management changes will include some capabilities moving to the cloud. “We are moving many of these capabilities into the milCloud environment,” he says, referring to DISA’s cloud-services product. The milCloud is designed to drive agility into the development, deployment and maintenance of secure Defense Department applications. It leverages a combination of mature commercial and government-developed technology to deliver cloud services.
Travis says the agency chose milCloud because it offers the lowest risk. “If there were a commercial cloud that met our requirement, we would happily move it onto there too,” he says.
The agency first will focus on converging ticketing systems, which are used to control the work processes that the agency uses when responding to malfunctions. In addition, the ticketing solution provides capabilities that DISA uses for problem management, service request management for select capabilities, including local area networking. Ticketing is one of the easier areas to consolidate.
Just last year, DISA was using “a bunch of different ticketing solutions,” Travis says. “What you see us doing now in 2017 is collapsing those ticketing solutions into a single integrated stack. I expect to have that done by 2018.”
Once DISA is using one integrated stack for ticketing, the military services and other agencies could follow between 2018 and 2021. The plan is aligned with the Defense Department’s move toward Joint Regional Security Stacks, a suite of equipment that performs firewall functions, intrusion detection and prevention, enterprise management, virtual routing and forwarding. The converged CyberNetOps vision also aligns with the Joint Information Environment that aims for a single enterprise operational support system for the entire department.
Automation also leads to efficiencies, which Travis defines primarily as cost savings. The money saved can be reinvested. “We are working to identify the savings we will create by turning things off. We invest that in effectiveness, which means doing things that I can’t do now or doing them better,” he offers.
Once DISA has arrived at a CyberNetOps solution, the agency will explore the possibility of providing it to other customers. “I’m a businessman, so I’m also looking for places where I can resell our solution to the other Defense Department activities. It’s easier for me to sell more licenses than for someone else to ... deploy and run their own systems. I gain efficiencies, and they can repurpose their people for other missions,” Travis suggests.
DISA’s efforts to connect and protect the network will be discussed in depth at the DCOS 2017 conference and exposition June 13-15 in Baltimore.