By Jason Miller
ORLANDO -- The Defense Department is spending $2.5 billion on
information assurance in fiscal 2007, and a good portion of those funds
are to ensure the military can share data safely and more easily with
the intelligence community.
John Grimes, DOD CIO, yesterday said the key to information sharing is
security. If you cant protect information, you cant share it.
We are looking at those two areas in our architecture and in the next
generation of security technology, and how we may change the
nonclassified IP router network, he said at the Information Processing
Interagency Conference, sponsored by the Government IT Executive
Conference. The only way to get to net-centricity is to ensure we can
share information and it is interoperable. We are spending a lot of
money on this.
One program DOD is working on with the Homeland Security Department and
other agencies is the National Command Coordination Center, which will
improve information sharing among federal, state and local agencies.
Grimes also pointed to DODs ongoing move to net-centricity and using
service-oriented architecture to separate data from the application
The information must be understandable and must be able to be used over
and over again, Grimes said.
To ensure data interoperability, DOD is moving more toward communities
of interest, including one recently set up in the maritime community
with the Coast Guard, Navy and other agencies. Grimes said the Office of
Management and Budget is paying close attention to how these communities
While information sharing is important, Grimes said most of DODs efforts
are to ensure all data is secure.
We have seen a huge increase in targeted incidents over the Internet, he
said. We are under attack 24 hours a day, seven days a week, and we are
starting to share information on cyberattacks or holes with DHS, and
they are sharing back.
Grimes illustrated DODs challenges with statistics such as:
* 46 percent increase of hackers altering DOD Web sites
* 28 percent increase in e-mail scams
* 250 percent increase in malware.
He also pointed to recent attacks that took down the National Defense
Universitys system and another attack on the Armys Fort Hood in Texas.
The Army spent about $50 million to $60 million to bring their sites up
after the attack, Grimes said.
To meet these challenges, DOD is relying on enterprise security
solutions such as public-key infrastructure with the Common Access Card
and patch management software, he said.
DOD also is working with the Office of National Intelligence to develop
standard security policies and uniform reciprocity agreements to accept
certification and accreditation of each others systems.
Grimes also said the Global Information Grid information assurance
portfolio is how DOD is moving to the next generation security
We are tagging data, and it will go into our service-oriented
architecture, he said. We are on that road and pushing hard.
Visit the InfoSec News Security Bookstore