Defense Department Seeks Big-Picture View of Systems

March 2010
By Rita Boland, SIGNAL Magazine


Sgt. Jeremiah Sibley, USA (l), of A Company, 201st Military Intelligence (MI) Battalion, receives instruction from Sgt. Dustin Nguyen, USA, of the 470th MI Brigade S6 (communications staff) in operating a mobile computer as part of the Global Rapid Response Information Package. The Defense Information Systems Agency (DISA) is working to give network operators the situational awareness to discover problems not only on their part of the infrastructure but anywhere on a network. This process will speed issue identification and resolution, enhancing mission assurance so critical operations can continue in the event of a problem.

Proactive approach to problems will enhance mission assurance and speed resolution.

The Defense Information Systems Agency is improving military networks by increasing the situational awareness of their statuses. The process enables people with permission to evaluate where a problem exists anywhere on a network, so they can reduce the time and resources necessary to fix it. Personnel also will be able to route their data better by understanding where failures occur and how to work around them.

In a campaign plan document yet to be finalized and released, Defense Information Systems Agency (DISA) Director Lt. Gen. Carroll F. Pollett, USA, lays out actions and priorities that will help his agency better support U.S. Defense Department missions. One of the key lines of operation in the plan is the “operate and assure” line under which the general has given specific guidelines to deliver Network Operations Situational Awareness (NetOps SA) information end to end. DISA is looking at NetOps SA in terms of what it needs to provide to the Defense Department’s strategic, operational and tactical environment to ensure that enough information goes to decision makers to assess the status and security posture of the network.

Mark Orndorff, director of the Program Executive Office (PEO) for Mission Assurance and Network Operations at DISA, says his office is lining up efforts to support the NetOps SA priorities. It has identified a number of capabilities in which warfighters and network operators require a better perspective into the availability and readiness of network operations. His office’s focus is to leverage the existing network operations infrastructure efficiently as well as to share the information from one provider to another using data standards and network-centric capabilities. This will allow those operating one portion of the infrastructure to share their data with the partners on which they depend.

He continues that the military lacks a good way to perform end-to-end situational awareness. The way information about network operations is spread affects personnel stateside as well as those overseas, including troops in battle zones. Military members in theaters such as Afghanistan depend on infrastructure outside that area to perform their missions. NetOps SA will give those warfighters visibility of the status across the entire infrastructure so they can troubleshoot, diagnose and deconflict issues that extend outside their specific operational area of responsibility.

For example, communications professionals may need to troubleshoot a problem with a voice over Internet protocol (VoIP) phone call from Afghanistan to the U.S. Central Command (CENTCOM) headquarters in Tampa, Florida. Though CENTCOM has specific responsibilities for portions of that infrastructure, the command depends on others who operate additional parts. Using NetOps SA, operators can view those other portions, directly support the pieces they have responsibility for and see the other pieces. This enables them to identify issues faster, ensure the right operations center is working on the restoration and put the call back on line as quickly as possible.

Orndorff says that this example is one to which most people can relate. Through NetOps SA, Global Information Grid (GIG) users can assess problems in their own portions of the network as well as know when to leave their own infrastructure alone and let others solve the problems in their own responsibilities. “Part of what we’re trying to do is align mission threats,” Orndorff explains. Any time the network experiences congestion or outages, personnel have to prioritize the support effort. The GIG NetOps SA effort intends to align network operations with mission priorities so people know where to focus their time and attention when resolving problems.

As part of DISA’s NetOps SA work, the agency is striving to facilitate the military’s move toward network-centric operations through data standards, standard interfaces, the ability to obtain information from authoritative data sources and ways to use the information. Through NetOps SA, DISA would be able to move away from point-to-point solutions and unique interfaces between systems without having to implement multiple changes as alterations occur in various systems. Instead, network personnel could change the interface once, then publish that data, making it readily available. This move reduces the amount of development effort necessary for each system consuming and publishing information.

The NetOps SA work also is part of a DISA effort to move away from using the word “secure” to a focus on mission assurance. “The difference there is [that] we don’t want to prioritize and think just in terms of ‘how do we secure information’ without thinking through our real objective of assuring support for DOD [Defense Department] missions,” Orndorff says. At times, this focus could require military officials to make harder decisions about the correct security to achieve the right requirements to enable missions.

NetOps SA affects mission assurance by increasing situational awareness of the state of the network and the missions operating on it. Users understand the congestion better so they can make real-time tuning and operational calls to align network resources with network priorities. Operators receive the information and tools they need to support mission priorities across the network better when they can see more than their own piece.


Capt. Roger Brooks IV, USAF, commander of a 12-man Joint Terminal Attack Controllers team, takes coordinates at an Afghan border police observation post. Network Operations Situational Awareness work being conducted by DISA aims at ensuring mission assurance for military networks. The work will help enable troops to carry on their missions, especially critical ones, with less interruption from either network problems or the security resolutions to those issues.

Despite the agency’s desire to think outside the “secure” box, keeping networks safe is still a priority. Orndorff describes the operation of military networks as “a pretty sensitive business,” and part of the architecture DISA is implementing ensures that actual command and control is limited only to the community of interest that has specific responsibility for operating and defending the networks. He explains that DISA will not publish NetOps on the Internet for public consumption but will make it available to those who need it to operate the networks—whether that means the nonsecure Internet protocol router network (NIPRNet) or the secret Internet protocol router network (SIPRNet).

Ann Kim, the division chief for NetOps under Orndorff’s PEO, explains that NetOps SA applies to both NIPRNet and SIPRNet because military personnel must have visibility across both networks. Kim says that DISA sees no difference between the two in terms of providing the visibility, though classification is obviously an issue. She also explains that enabling NetOps SA is important to the ability of DISA and Defense Department leadership to conduct command and control of the network. “This is work that is critically important to our ability to operate and defend our networks,” she states.

Kim and her team have focused time and attention on attack detection capabilities integrated into the overall network operations picture. The work is intended to examine a variety of threat scenarios and ensure that in the event of an attack, the right data comes together to identify the threat on networks. Orndorff explains that the cyberthreat is a primary focus area, and this includes how the office makes sure the military is able to operate through all conditions—including a cyberattack.

He elaborates by mentioning an example of the effect a past series of attacks on the general Internet had on Defense Department operations. At that time, military capabilities were limited, and protection required blocking locations and protocols. Orndorff said that affected some “pretty critical missions” as the steps mitigated the effect of the attack. NetOps SA resolution methods still could affect operations, but they will give operators the information they need to support required mission services.

Though the PEO is responsible for the NetOps SA effort, Orndorff says the office works with many other organizations by serving as a type of coordinator. He explains that various offices throughout DISA have responsibility to develop the capabilities that feed into the overall network operations architecture. The PEO’s job is to ensure that the different efforts come together, provide situational awareness support and develop the situational awareness piece that gathers and correlates data. In addition to working with other departments within DISA, the office has to coordinate with the military services and combatant commands to leverage their NetOps SA.

Also involved in the NetOps SA project is a private-sector team led by Raytheon Company and including General Dynamics, SAIC, Eye Street Software and BCMC. Sailaja Raparla, director of Raytheon’s NetOps and Information Solutions, says that because so much activity occurs on the GIG, NetOps SA developers want to provide the situational awareness capabilities to ensure proactively that warfighters have full mission assurance. According to Raparla, developers want to make sure the whole GIG is providing necessary information to support missions occurring in different domains.

She compares the GIG to a big company that can pass down information but might not be adroit at spreading it in other ways. Through NetOps SA, users can share information in different directions. Those responsible for the operation of military networks will find the new capabilities beneficial, but most users never will notice a difference in their use of the networks.

Raparla shares that the situational awareness project is important because it is a new and emerging area and because—even though security has been in place—maintaining visibility of the networks has not been there. Threats in certain sectors may have cascading secondary effects on other areas. Using NetOps SA, network personnel can solve all the problems more quickly. “In cybersecurity, the key is speed,” she says. 

Program Executive Office for Mission Assurance and Network Operations:
GIG Operations:
Raytheon NetOps and Information Solutions:



Enjoyed this article? SUBSCRIBE NOW to keep the content flowing.