Robert Carey joined GTSC for a session on DOD's technology priorities, cyber security and budget considerations for 2014/2015.
D o D C I O
S U P P O R T T H E W A R F I G H T E R
UNCLASSIFIED
DoD CIO Priorities for 2014
Principal Deputy Chief Information Officer
U.S. Department of Defense January 17, 2014
Robert J. Carey
Agenda
• DoD CIO Focus
• DoD IT Environment
• Movement toward the Joint Information Environment
  o Major Components of JIE
  o Work in Progress
  o Way Ahead
• Additional Significant Work Streams
  o Cybersecurity
  o Mobility
  o Spectrum Strategy and Implementation Plan
• How Can Industry Help
DoD CIO Focus
• Deliver the Joint Information Environment
  o Major effort and change within the Department towards IT modernization
• Strengthen Cyber Security
  o Improve information security from desktop to data center
  o Cyber workforce strategy
  o DoD strategy for defending networks and data
• Deliver Secure Mobile Devices
  o Deploy and manage secure modern mobile devices
• Manage RF Spectrum to support mission
What We’re About: Mission Assurance - Warfighter Needs
We must ensure access to information … on any device, at any time, under all conditions, wherever the warfighter needs it …
Mission assurance is DoD’s top priority
DoD IT Environment: Cyber Footprint

Total IT Budget
• > $39.6B in FY14
• > $17.4B in IT Infrastructure
• > $4.7B for cybersecurity

DoD IT User Base
• ~1.4 million active duty
• ~783,000 civilian personnel
• ~1.2 million National Guard and Reserve
• 5.5+ million family members and military retirees

• 146+ countries
• 5,000+ locations
• 600,000+ buildings and structures

IT Systems
• >10,000 operational systems (20% mission critical)
• ~1700 data centers
• ~65,000 servers
• ~7+ million computers and IT devices
• Thousands of networks/enclaves
• Thousands of email servers, firewalls, proxy servers, etc.
• Mobile devices
  o ~493,000 Blackberries
  o ~41,000 iOS Systems (Pilots)
  o ~8,700 Android Systems (Pilots)

Scale of the footprint … scope of the challenge
What is the Joint Information Environment?
• JIE (when delivered fully) will consist of:
  o ~25 Core Data Centers using common computing environment, ~800 smaller installation data centers (reduced from ~2000) that are secure, resilient and efficient
  o Coherent security architecture / protected networks with enhanced resiliency to int/ext threats
  o Common Enterprise Services that support the entire Department
  o Component built business/warfighter applications on a joint technology infrastructure
• JIE implements joint network standards, specifications, and architectures driving commonality across a diverse DoD computing environment to drive greater security and information sharing

This DoD-wide effort toward the JIE will:
• Realign, restructure, modernize how IT (NIPRnet and SIPRnet) networks and systems are constructed, operated, and defended
• Consolidate and standardize the design and architecture of the Department’s networks
• Change Cyber Security Tactics, Techniques and Procedures
Benefits of the JIE
• Enhanced Mission Effectiveness
  o Rapidly and dynamically respond to changing mission information needs for all operational scenarios
  o Users and Systems will have timely and secure access to the data services needed to accomplish their assigned missions, regardless of their location or device
• Increased Security
  o Able to jointly See, Block, Maneuver across the whole of the DoD Information Network
• Allow Commanders to manage risks within regional domains
  o C2 of the Network from USCC and component cyber commands
  o Users and systems can trust their connection from end to end
  o Knowledge of the network, the data, and accesses with role and persona attribution
  o Capabilities remain available during contested or degraded cyber events
• Achieved IT Efficiencies
  o Information assets are joint assets, leveraged by all for Department missions
  o Constant visibility into IT expenditures through increased transparency
  o Maximize Enterprise purchasing and minimize variations
JIE Capabilities Provided to Programs
What’s needed: Technical Documentation leading to the development of an Acquisition Baseline
Program Considerations
Joint Information Environment: IdAM; Single Security Architecture; Enterprise Services; Enterprise Operations; Data Center Consolidation; Network Normalization
• Transparent Documentation of IT Infrastructure Costs and Cost Recovery Approaches
• Defined Enterprise IT Service Management Processes: Incident Mgmt, Event Mgmt, Problem Mgmt, Change Mgmt
• Architecture patterns for Security: Monitoring, C2
• Help Desk
• End to End IP Transport
• Predictable Security Boundaries
• MPLS Virtual Networks with QoS
• Architecture Patterns for Security: Monitoring, C2
• Standard Approach to Security: Zoned Approach, Boundaries provided and managed at DoD Enterprise, Standard Network Configurations
• Architecture Patterns for CND
• GFE Computing (e.g., cloud computing): Capacity Services, Storage Services, Standard Network Configurations
• Single Security Architecture
• Portal Services
• Instant Messaging/Chat/Presence Awareness
• VOIP/SVOIP
• Directory Services
• Single Identity linked to DEERS
• Authentication via Direct PKI or Gateway Service
• On-demand account provisioning
• Access management patterns
10 1/24/2014
JIE Progress to Date

Enhancing Cyber Operations Security: Improving ability to see and respond to Cyber Threats
• Improved Security Architecture (~400 TLAs to 15 regional TLAs) supporting CONUS & SWA
• USMC centralized Operations Center
• Mandated use of Enterprise Directory Services and an authoritative identity data source
• Established initial Enterprise Operations Center in Europe

Network Consolidation: Consolidating networks and IT infrastructure across the Department IOT increase operational effectiveness
• Converging voice, data, video networks via EoIP & migrating to Enterprise (DISA provided) VoIP (call management) Services
• Upgrade to network (MPLS) routers, managed by DISA
• USMC upgrading network (MPLS) routers
• Service reduced gateways from 203 to 16
• Services reducing legacy networks
• COCOMs pursuing consolidated desktop initiative
• COCOMs consolidating HQs and component networks

Enterprise Capabilities and Applications: Reducing costs through movement to enterprise licensing, capability delivery and application reduction
• USA reduce applications by 30%; ID’d 2.5K of 10.6K to sunset
• Microsoft Joint Enterprise License Agreement
• USMC Data Center hosting Navy and DoJ apps
• DON adopts USMC PMO for DON ELAs; USN to complete 3 of 12 ELAs in FY 13
• USN reduced 25K applications to 6K
• Coordinating Mission Partner Environment
• Commercial cloud service offering pilot efforts
Key JIE Policies and Guidance
DoD is committed to multi-year JIE effort directed by DoD CIO

Diagram labels: DoD Chief Information Officer; CC/S/A; JIE Management Construct; Joint Staff; Office of the Secretary of Defense; DoD Acquisition, Budget & Requirements Processes

Documents and dates:
• JIE EXORD (5 Dec 2012)
• CJCS JIE Whitepaper (22 Jan 2013)
• JIE Operations CONOPS 1.0 (25 Jan 2013)
• JIE Increment-1 Transition CONOPS (25 Jul 2013)
• DoD ITESR (5 Oct 2011)
• JIE ICD (In progress)
• EDS (22 Jan 2013)
• JIE Implementation Memo (6 May 2013)
• DoD CDC (11 Jul 2013)
• JIE Management Charter (9 NOV 2012)
• JTSO Establishment Memo (29 Aug 2012)
• JOSG Establishment Memo (23 Oct 2012)
• JIE Increment-1 Business Case Analysis (Inactive/Not Complete)
• JIE Inc 1 IOC in Europe (11 Jul 2013)
• DoD UC Memo (11 Jul 2013)
• CYBERCOM Tasking Order J3-13-0688 (31 Jul 2013)
• OT&E Oversight Memo (12 Aug 2013)
• JIE Operations CONOPS 2.0 (In progress)
• JIE EXORD Modification 1 (12 SEP 2013)
• CDC (1 Nov 2012)
• DEE (5 SEP 2013)
• JIE Inc2 PACOM (6 SEP 2013)
• Implementation Guidance (26 Sep 2013)

Annotations and quotations shown on the slide:
• “First and foremost, JIE will improve mission effectiveness.”
• Directs DoD Components to participate and align resources to enable JIE
• “…describes roles, responsibilities, functions and tasks…”
• Key JIE planning forums stood up with CC/S/A support and participation
• “BCA…is the first step in aligning PPBE processes for JIE stakeholders”
• “JIE represents the largest restructuring of IT management in the history of the Department of Defense.”
• Directs implementation of key capabilities and sets conditions for future planning
• “All requirements set for IOC for JIE Increment-1 in the European and specified Africa Commands AORs have been met.”
• Places all JIE related capabilities under DOT&E oversight.
• Designates Defense Enterprise Email as an Enterprise Service and states inclusion in DoD Information Enterprise Architecture for compliance purposes
• Identification of Data Center Types
• Migration of Apps and systems by FY18

Acronym Key
• CDC – Core Data Center
• DOT&E – Director of Operational Test & Evaluation
• EDS – Enterprise Directory Services
• EXORD – Execution Order
• DEE – Defense Enterprise Email
• ICD – Initial Capabilities Document
• IOC – Initial Operational Capability
• ITESR – IT Enterprise Strategy and Roadmap
• JMC – JIE Management Construct
• JOSG – JIE Operational Sponsor Group
• JTSO – JIE Technical Synchronization Office
• OT&E – Operational Test & Evaluation
• UC – Unified Capabilities
• UCP – Unified Command Plan
Key JIE Related Architecture Artifacts

Diagram layers: Policy & Guidance; Enterprise Architecture; Reference Architectures; Solution Architectures

Artifacts and status:
• DoD IEA v2.0 (10 AUG 2012)
• JIE EA v0.4 (In Progress)
• DoDI 8310.aa (In Progress)
• DoDI 8100.04 (9 DEC 2010)
• DoDI 8270.bb (In Progress)
• DoDI 8330.aa (In Progress)
• DoD IEA v3.0 (In progress)
• IdAM Data Dictionary (14 AUG 2013)
• ADORA (29 Aug 2012)
• CDC RA (18 SEP 2012)
• UC RA (8 FEB 2013)
• IdAM RA (In Review)
• EOC RA (In Progress)
• EANCS (24 AUG 2010)
• SSA RA (MAY 2013)
• EC RA (In progress)

Annotations shown on the slide:
• Provides direction for identifying, developing, and prescribing IT, including NSS and DBS, standards
• Establishes the role of the DoD EA in providing context and rules for accomplishing the mission of the Department.
• Approved 10 Aug 2012; Foundation for the JIE EA
• Provide Strategic Purpose, Principles, Patterns, Technical Positions and Vocabulary for Solution Architecture development
• In Formal Review; expected to be approved for JIE RA and SA development in 1QFY14
• Establishes a capability-focused, architecture-based approach for interoperability analysis; Establishes the requirement for enterprise services to be certified for interoperability.
• Establishes governing policy for Unified Capabilities products and services supported on DoD networks.
• Naming Specification Informational Guidance; Currently Under TWG Review
• Merges the architecture content and guidance of DoD IEA v2.0 and the JIE EA into a single, integrated, authoritative architecture for the Information Enterprise.

SAs Under Development by IDTs:
• IdAM: Directory Services, Synchronization Services, Authentication GW Services, People & Organization Discovery Services, Enclave Attribute Services, and DoD Visitor
• SSA: Enterprise Perimeter Protection, Base Area Network (ICAN), and Enterprise IA Security
• CDC: Core Data Center, Installation Process Node (IPN), and Installation Services Node (ISN)
• NNT: Wide Area Network (WAN), SATCOM Gateway, and Mobility Gateway
• Unified Capabilities
• EOC/OOB Instrumentation

Acronym Key
• IEA – Information Enterprise Architecture
• JIE EA – Joint Information Environment Enterprise Architecture
• EANCS – Enterprise-wide Access to Network and Collaboration Services
• ADO – Active Directory Optimization
• CDC – Core Data Center
• SSA – Single Security Architecture
• UC – Unified Capabilities
• IdAM – Identity and Access Management
• EOC – Enterprise Operations Center
• EC – Enterprise Cloud
• NNT – Network Normalization and Transport
• OOB – Out Of Band
JIE Way Ahead
• Continue to leverage COCOMs, Services and Agencies IT initiatives to achieve end-state
• Drive implementation and execution actions necessary to deliver capabilities
  o Acquire via component normal tech refresh process to standards and architectures defined as JIE norms
• Improve IT Budget transparency to align spend
• Develop and deploy policies, procedures, oversight, and culture that enables info sharing
• Accelerate initiatives where feasible to move effort forward
• Consolidate/standardize elements of networks to more effectively defend them and confront threats with agile information sharing
Additional Significant Work Streams
• Cybersecurity
• Mobility
• Spectrum Strategy and Implementation Plan
Growth of the Cyber Threat
[Figure: attack techniques plotted by sophistication (vertical axis, Low to High) against year (horizontal axis, 1980 to 2015). Techniques shown: password guessing, self-replicating code, password cracking, exploiting known vulnerabilities, disabling audits, back doors, hijacking sessions, sweepers, sniffers, packet spoofing, graphic user interface, automated probes/scans, denial of service, www attacks, “stealth” / advanced scanning techniques, burglaries, network mgmt. diagnostics, Distributed attack tools staging, sophisticated C2, cross site scripting, phishing. The 2015 end of the chart is marked “?”.]
Sophistication of available tools is GROWING
Sophistication required of Actors is DECLINING
“Cyberspace is real. And so are the risks that come with it.” -President Obama, 29 May 09
Defending DoD Networks & Systems: Cyber Strategic Choices for 2020

Shift to Proactive Cyber Defense Operations
• Fully employ active cyber defense
• Provide forces to maneuver and influence

Deliver Adaptable Cyber Defense Solutions
• Architect a defensible information environment
• Strengthen data defenses

Enhance Cyber Situational Awareness and Partnering
• Improve the cyber sensing infrastructure
• Harness the power of Big Data analytics

Assure Survivability against Catastrophic Cyber Attacks
• High priority mission areas
• Prepare for success against large-scale cyber-attack
• Mitigate all phases of cyber aggression

• Institutionalize cyber threat-based engineering & acquisition
• Capitalize on the strengths of public-private partnerships
• Defend beyond DoD boundaries
• Engineer unpredictable defenses
• Implement a multi-mission cyber operational picture

Focusing Cyber Defense on Assured Mission Execution
JIE Security Architecture Overview
The intent of the security architecture is to:
• Create a coherent, uniform and standards-based security construct
  o Uniform Service/Capability Delivery
  o Ability to Standardize Ingress/Egress connectivity as well as O&M processes
• Improve Performance of Security
  o Provide full security suite capability to every Base / Post / Camp / Station
  o Fill known holes in the current security architecture
  o Provide full visibility, move away from standalone to an enterprise security solution
  o Reduced lateral movement beneath the Regional Security Stacks
  o Enclave boundaries clearly defined and centrally managed
  o Provide a Security Infrastructure that is Always On, Always Connected
• Improve Cost of Security
  o Cost avoidance associated with life-cycle of hardware, eliminate localized Security Stacks, by delivering the same services through 11 Centralized Security Stacks.
  o Cost avoidance associated with operations and maintenance
  o Cost avoidance associated with scaling to meet emerging requirements
  o No new hardware; simply add virtual instances
JIE SSA Architecture Overview (V2.0)
• JIE Single Security Architecture team delivered the JIE SSA RA Version 2.0 and is receiving comments from the Architecture Working Group (AWG)
  – Enterprise Perimeter Protections – NIPR & SIPR
  – Cross Domain Security
  – Common Network Interfaces
  – CND views
• Version 3.0 will include Mission Partner Environment (MPE), SATCOM, UC, and IdAM
What actions are we taking?
• Evolving DoD’s defenses:
  o Standardization and consolidation of the infrastructure
  o Layering defenses
  o Deploying identity tools – PKI all network domains
  o Improving monitoring
• Multiple efforts to contain, dampen, detect, diagnose, and respond to successful or partially successful cyber intrusions and attacks include:
  o Network hardening
  o Moving toward more automation via continuous monitoring
DoD Mobility Strategy
• DoD Mobile Device Strategy, Jun 2012
• DoD CMD Implementation Plan, Feb 2013
• Mobility STIGs (iOS, Android, BB), May 2013
• Commercial Classified Solution (Secret), May 2013
• DISA MDM/MAS award, Jun 2013
• Defense Enterprise Email, Sept 2013
• DoD Enterprise MDM and Mobile App Storefront, Dec 2013
• Commercial Classified Solution (Top Secret), May 2013
• Modified CMD Security Approval Process, July 2014
• SME PED end-of-life, Dec 2014
DoD Mobility Strategy & Implementation Plan

Timeline: FY13; FY14; FY15 - 17; FY17 - Beyond

Diagram labels: Mobility Gateways FY13-14; Business Case Analysis; BYOD; CMD Pilot Consolidation; MDM/MAS Award; Expedite Approval Process; Enterprise Solution; MAS; MAM; MDM CAC/PIV 201-2 Integration; NEW SPEC; ?; Technology Insertion; Phase-out SME PED; Primary Communication for ROUTINE DoD Users is Wireless; TBD; New Classified Capability

• Promote the development and Use of DoD Mobile & Web-Enabled Apps
• An enterprise Mobility services for Classified & Unclassified capabilities
• Information Enterprise Infrastructure to support Mobile Devices
• Mobile Device Policies and Standards

• DoD Mobility Strategy
• DoDI 8100.02
• Federal Digital Strategies
• DoD CIO Consolidation Plan
• Federal Standards

Acronym Key
• BCA – Business Case Analysis
• BYOD – Bring Your Own Device
• CMD – Commercial Mobile Device
• DoDI – DoD Instruction
• MAM – Mobile Application Management
• MAS – Mobile Application Store
• MDM – Mobile Device Management
• MILDEP – Military Department
• PIV – Personal Identity Verification
• SME PED – Secure Mobile Environment Portable Electronic Device
Challenge: Rapidly Changing Spectrum Use

Diagram labels: Battlefield Training/Testing; Wireless Industry; Mobile International Coalition

Increasingly Contested & Congested
• Constraining Regulatory Environment
• Repurposing/Spectrum Sharing
• Auctions of Federal spectrum in US
• Reallocation of military spectrum in host nations
• Exponential increase in wireless devices worldwide
• Jamming
• Cyber warfare
• Mobility Strategy
• More unmanned systems
• More powerful radars to combat stealthier threats
• Increasing data rates
• Connectivity to lower echelons

DoD’s exclusive access to spectrum WILL BE reduced and challenged – in US and overseas spectrum sharing and co-use is a certainty
Response: DoD Electromagnetic Spectrum Strategy
Vision: Spectrum access when and where needed to achieve mission success

Spectrum Dependent Systems
Goal 1: Increase efficiency, flexibility, and adaptability
• Expedite development of spectrum efficient and flexible technologies
• Accelerate sharing technologies
• Adopt commercial services where feasible
• Strengthen enterprise oversight

Spectrum Operations
Goal 2: Increase agility
• Develop near real-time spectrum operations
• Advance ability to mitigate interference
• Modify policy, regulation and standards to allow agile spectrum operations

Spectrum Regulation and Policy
Goal 3: Sharpen responsiveness
• Reform DoD’s ability to assess regulatory/policy proposals
• Expand DoD participation in regulatory/policy discussions
• Institutionalize DoD’s ability to adapt to regulatory/policy changes

• A paradigm shift - Improvements to spectrum management and spectrum efficiency are necessary, but not sufficient - spectrum access through sharing is required to increase DoD’s spectrum access opportunities
• Advancements in technology and associated policy/regulations are needed
• Required for success: Collaboration/partnerships AND Leadership/Accountability

Working toward “win-win” for DoD, other federal users, and the wireless industry
How can you Help?
• Ask hard questions…propose answers in the context of our problem set
• Leverage your best and brightest
• Help us find lasting, innovative solutions
• Be part of our success

Collaboration – Key to conquering our challenges
QUESTIONS?