Enable breadcrumbs token at /includes/pageheader.html.twig

Fostering Technology Transformation

The Defense Information Systems Agency is at the heart of some of the U.S. Defense Department's most sweeping technological changes.
By George I. Seffers, SIGNAL Magazine


The SIPRNET/NIPRNET Access Point, or SNAP, terminal, a component of the Warfighter Information Network-Tactical, is designed to provide beyond line-of-sight voice, video and data communications to small units at forward operating bases, enabling network capability down to the team, platoon and company level. The Defense Information Systems Agency (DISA) is working to provide greater access to the networks.

The DISA technology office focuses on mobility, cloud computing and information sharing.

The Defense Information Systems Agency is at the heart of some of the U.S. Defense Department’s most sweeping technological changes. These include the struggle to supply warfighters with handheld devices secure enough to connect to both classified and nonclassified networks, the move toward cloud computing and the never-ending need to improve information sharing. If every piece of the agency’s vision is achieved, the Defense Department network environment will be leaner, less expensive, more efficient and more accessible while providing greater situational awareness and modernizing military communications.

Working with the National Security Agency (NSA), the Defense Information Systems Agency (DISA) intends within the next few months to provide cellphone access to its nonsecure Internet protocol router network, known as NIPRNET, and within 18 months to its secret Internet protocol router Network, or SIPRNET. By having easy access to department networks, mobile devices could fundamentally change the way the military does business. They could facilitate greater situational awareness on the battlefield and allow warfighters on the ground to use smartphones for a wide range of applications, including mission planning, as well as calls for fire and medical evacuation.

Serving as the point man on these changes is DISA’s chief technology officer, David Mihelcic. “With respect to mobility, we want to bring to the modern warfighter the same capabilities that consumers and other business users have with smartphones,” he says. “Not just at the unclassified level, but also making sure the Android and iPhone and other smartphones are capable of meeting our security requirements for protecting our sensitive unclassified data. And, in partnership with NSA, ensuring those capabilities in the future will be able to support our classified data.”

Under the mobility effort, DISA, the NSA and the Defense Department’s chief information officer (CIO) currently are working on an initiative to deliver within the next six months, the first increment of services that will support secure, unclassified use of smartphones on the Defense Department’s networks. The department is in the process of refining its security technical implementation guides to allow for smartphone usage on the networks. Officials also intend to provide certain critical services, including a software application store, so that personnel can download department-approved applications. In addition, the department needs to put in place a mobile device management capability so that policies can be pushed down to particular phones to secure them for the requisite standard, Mihelcic says.

The next step is to provide the architecture needed to use commercial smartphones for classified applications. “That takes a little bit longer because it is dependent on NSA’s development of the profiles to secure the commercial phones. Then developers will have to deliver phones that will meet those profiles, and they’ll have to go through a testing regime. We estimate that to be a nine- to 18-month time frame,” Mihelcic says.

Cloud computing is another top priority in the coming months. With the move toward the cloud, DISA is adopting the same technologies used by Amazon.com and others, which provide large-scale virtualization and the ability to provision services rapidly on demand. “We’re talking about transforming the way we do business in the Department of Defense, moving away from static data centers to a persistent processing environment that is geographically distributed,” Mihelcic says. This will be not only across DISA Defense Enterprise computing centers, but also across data centers operated by the military services. The capabilities will be forward-deployed with  warfighting forces, he adds.

DISA began leveraging cloud computing in 2008 by creating its own secure private cloud, the Rapid Access Computing Environment (RACE), which uses virtual server technology to provide on-demand server space for research and development teams. RACE aims to be more secure and stable than a traditional public cloud, according to government documents.

RACE consists of many virtual servers inside a single physical server. The system provides a self-service portal secured to Defense Department standards, saves users money and reduces the time to provision a dedicated server environment. Provisioning that once took up to six weeks now can be done in 24 hours. “We’ve had the first iteration of cloud computing, and we’re beginning to pilot the use of the same capability for fully operational services. We’re also working on an enhanced version of what is known as platform-as-a-service in partnership with the U.S. Air Force CIO,” Mihelcic reveals.


Providing mobile devices to warfighters, a top priority for the DISA chief technology officer, could transform military communications and information sharing on the battlefield, supporting a wide-range of military missions. Here, captured Taliban weapons are destroyed in a controlled explosion at Bagram Air Base, Afghanistan.

Cloud computing will offer “certain value-added services” such as attribute-based access control, which would be available as part of the cloud computing infrastructure, he adds. Attribute-based access control replaces username- and password-protection-based network access, relying instead on attributes about particular users such as clearance level, citizenship, or their particular role as defined in a combatant command organization, Mihelcic explains.

DISA initiated attribute-based access control under a 2008 joint concept technology demonstration known as National Senior Leadership Decision Support Service, which transitioned last year to two of DISA’s program executive offices. “That was the pathfinder for the way we’re transforming access control to the Department of Defense generally under an effort known as IdAM, which stands for Identity and Access Management,” Mihelcic says. “That effort is actually led by DISA in support of the Defense Department CIO. We are enhancing services that were initially deployed under [the technology demonstration] to provide attributes for attribute-based access control decisions so that you can more rapidly share information among the services and combatant commands.”

Forge.mil is another cloud computing project that fosters information sharing, which is a major focus of the CTO office. Forge.mil provides a software development platform that allows users to collaborate on software code and to re-use code for multiple purposes. It has more than 5,000 users working on more than 500 projects, Mihelcic explains. DISA estimates that Forge.mil saves up to $500,000 per project, and it has enabled $15 million in cost avoidance, according to government documents.

Mihelcic lists information sharing as one of his accomplishments and cites several examples, such as Enterprise User, which was inspired by the experience of a warfighter with boots on the ground. The son of one of Mihelcic’s deputies was on an Air Force explosive ordnance disposal (EOD) team in Afghanistan and was frustrated that every time he changed units or bases, which was frequently, he was forced to go through an often time-consuming process of gaining local permission to access the network.

“One of the things you need to understand about EOD technicians is that they thrive on information. It’s all about sharing information with the other technicians in the field. They need to learn what people are seeing as far as the latest devices and how to defuse them,” the CTO explains. “We developed Enterprise User, which is a set of software patches applied to defense networks—specifically to Windows domain controllers—that allows users to plug their Common Access Card into a Defense Department computer, and they are granted guest access on that network. They can get to a Web browser, to Office applications and to email and get their job accomplished.”

The fix was developed in about six months and took more than a year to implement fully. “Developing the software was the easy part. Sometimes getting the owners of the networks to apply those patches was the harder part,” Mihelcic states, adding that Enterprise User has been in place for about two years.

Enterprise User also will play a role in the agency’s efforts to make the networks more accessible from any computer anywhere in the world. The Common Access Card already provides access to NIPRNET, and now the agency is working on a Talon card to provide access to the classified network. “It’s basically a small, high-assurance Internet-protocol encryptor and a small form factor that, when coupled with a laptop and 3G wireless, will allow senior leaders to access SIPRNET from anywhere in the world,” Mihelcic explains. “Moving forward, we believe capabilities like the mobility effort, as well as the commercial smartphones for classified programs, will allow us to do those same activities from much smaller form factors—smartphones or tablets.”


DISA: www.disa.mil
DISA chief technology officer: www.disa.mil/About/CTO