Enable breadcrumbs token at /includes/pageheader.html.twig

DISA Secures a Global Critical Infrastructure

The use of commercial communications services extends concerns far beyond U.S. borders.

The Inmarsat-5 satellite provides flexible global coverage from geosynchronous orbit. Inmarsat is one of the commercial systems the Defense Information Systems Agency (DISA) uses to provide global connectivity to U.S. forces overseas.

The Naval Radio Transmitter Facility Niscemi operates a variety of antenna systems, including these satellite dishes aimed at bringing communications down to Earth. DISA approaches its mix of commercial and military communications networks overseas as a critical infrastructure vital to connectivity among U.S. forces and facilities.

The Defense Information Systems Agency, or DISA, is applying both traditional and innovative infrastructure protection methods to its worldwide networking for U.S. defense installations. In some cases, conventional methods can hold services together. But in others, especially with cross-border telecommunications, DISA must secure its commercial connectivity without the benefit of the authorities inherent in a host country agency.

New ways of commercial networking widen the threat picture. Variety is the spice of vulnerability as networks evolve with innovative approaches. Having the right information for a network architecture is vital to moving information across global ranges, according to DISA officials.

Ultimately, diversity holds the key to preventing adversaries from knocking out U.S. defense telecommunications services with a single blow. The information agency uses a single baseline for all nations across the board to establish minimum service delivery for a U.S. facility’s needs.

Fred Ruonavar, chief of mission assurance for DISA, is responsible for analyzing all the critical assets and capabilities the agency employs to support warfighters. These include large-bandwidth telecommunications services and the geospatial Standard Tactical Entry Point (STEP) teleport platform. His office must determine critical mission sets around the world as well as telecommunications requirements, capacity and diversity for survivability.

And these efforts include critical infrastructure protection, both for the core Defense Information Systems Network and for all leased hardware and services. For DISA, protection begins before overseas networking is established and ramps up afterward.

“We deliver an agile, robust, secure architecture across the globe, and we continually adjust and modify that based on the changing dynamics of commercial industry as they exist,” Ruonavar states. “As new systems get on board, we look to leverage those capabilities … for future systems as they move forward.”

Most of DISA’s commercial infrastructure is overseas, he notes. The challenge facing the agency is that potential adversaries have become more aggressive, partnering on a global scale. As nation-states and industries partner with one another, DISA officials must understand who owns which portion of the infrastructure. That has become increasingly difficult, Ruonavar offers.

“The challenge we face is multifaceted, and the threats can be everything from a piece of construction equipment digging into a fiber cable to a cyber attack on critical infrastructure for telecommunication,” he says. “The threats change over time, and the vulnerabilities to those threats change over time.”

A significant task is understanding the cyber risks that can crop up “out of nowhere,” Ruonavar states. These risks could imperil both the DISA infrastructure and the commercial architecture as well as the local power grid. Many DISA telecommunication systems pass through countries without a U.S. presence, and vulnerabilities there could have the same detrimental effects as in a host nation. “There are many seams and gaps and challenges associated with providing end-to-end connectivity over a diverse platform that goes through different geographical terrains,” Ruonavar states. “Even within a theater of operation, you may cross between two or three countries—some of which change their policies and procedures at any one given time, which could then impact their ability to provide the service based on the contract requirements.”

When a U.S. installation depends on neighboring countries for connectivity, DISA considers the most critical mission sets for the installation and ensures it has enough capacity to meet mission requirements, even if an external connection is lost. Diversity is essential to meeting this demand, Ruonavar says. “You can’t have all your connectivity going through a specific nation, over a specific grid, through a specific tunnel or undersea cable,” he declares. “We have to diversify to the best of our ability based on the capabilities that exist within a region.”

The growing threat picture to these commercial services looms large. Ruonavar attributes this to the changing dynamic of how networks are being built today. As DISA has increased its requirements to support defense mission sets globally, industry has been striving to deliver services faster, cheaper and with new capabilities. He relates that when companies enter into partnerships with similar commercial firms, this reduces cost competition and potential government savings.

Another problem is that the diversity of equipment sets can be challenging to determine because of resource consolidation. This happens worldwide, Ruonavar says. And, as technologies improve, incompatibility problems can emerge. Different routing technologies can lead to latency issues, so DISA must factor in any changes to ensure that contract specifications are met for each system. The agency has had difficulty obtaining accurate information on the routes that circuits take, Ruonavar allows.

The architecture assessment process begins before contracts are awarded. Ruonavar explains that, as DISA puts out contract offers, the agency specifies basic points. When it receives its tenders, it examines aspects such as diversity. Other concerns include terrain, with hazards such as floods or tectonic earthquakes adding to risk factors. DISA conducts a full risk analysis when it leases services from vendors; it also ensures that it does not lease duplicate services, under identical conditions, that could suffer concurrent fates.

The agency has established a set of country characterizations and analytics for its infrastructure across the globe, Ruonavar continues. With those, it examines each tender for survivability. This requires working directly with the individual commercial vendors that have provided the contract proposals as well as incorporating the specific characteristics that define terrain for a U.S. installation in a nation-state—or several nation-states, depending on the communication links. DISA employs a full set of analytics centered on end-to-end connectivity that includes mission set requirements, he notes.

Because commercial telecommunication systems are designed to be robust enough to generate strong revenue streams, they also tend to be able to provide the right level of service for DISA’s communications needs, Ruonavar points out. And industry drives the standards for available capacity, and this often is far greater than needed on an everyday basis. As bandwidth demands increase exponentially, industry already is meeting those needs, he says.

DISA’s major focus is to guarantee last-mile delivery, Ruonavar continues. The agency must ensure survivability of U.S. facilities that communications are delivered to, and industry must maintain accurate records of where circuits and systems are passing through. “That’s critical,” he states. “If we don’t have that level of analytics, then we’re basically relying on industry to ensure that it has given us a robust, survivable network.

“So it requires a give and take. We put the tenders on the street. The vendors respond to them and give us the right level of information so we can do the analytics. And then, over the course of time, we continue to work with them to make sure the services they’re delivering are meeting our benchmarks. And our operations folks are right on top of all of that, making sure that as we move forward, all the systems and capabilities are meeting the service requirements that we need,” Ruonavar explains.

Most parts of the communications infrastructure have been in operation for at least a year, so DISA understands its architecture. But when locations change—and new services or requirements are issued because of that change—then DISA must analyze the new location, its capabilities and whether they meet the Defense Department’s mission-critical requirements. These criteria come into play when determining vendor service delivery and survivability, Ruonavar concludes.