
NAVAL SUPERIORITY IN THE INFORMATION AGE

NAVAL SUPERIORITY IN THE INFORMATION AGE. Robert J. Carey Department of the Navy Chief Information Officer.


Presentation Transcript


  1. NAVAL SUPERIORITY IN THE INFORMATION AGE Robert J. Carey Department of the Navy Chief Information Officer

  2. “The enemy is more networked, more decentralized, and operates within a broader commander’s intent than any 20th century foe we’ve ever met. In fact, this enemy is better networked than we are.” Retired General John Abizaid, “Transformation Warfare 07” Conference, 20 June 07 – Norfolk, Virginia

  3. Today’s iPhone has more processing power than the North American Air Defense Command had in 1965

  4. TODAY’S IM/IT CHALLENGES Cyber Security Next Generation Enterprise Network (NGEN) Current and Future Technologies

  5. CYBER SECURITY IT security spending by government planned for 2008 is $6.1 billion. As cyber threats escalate, more resources will be required... The President’s single largest request for funds and "most important initiative" in the fiscal 2009 intelligence budget is for the Comprehensive National Cybersecurity Initiative (CNCI)

  6. CYBER ATTACKS • A 2008 Verizon report examined more than 500 cyber attacks (across industry and government) from 2004-2007. Results showed: • 73% of the attacks were from external sources and 18% were caused by insiders • Insider breaches were much more damaging than those from external sources • 59% of breaches resulted from hacking and intrusions • 90% of known vulnerabilities had patches available at least 6 months prior to the breach • 83% of the attacks were not highly difficult and 85% were the result of opportunistic attacks • 87% were considered avoidable through reasonable controls “The social network that is the by-product of the information black market enables players in the criminal underground to collaborate with one another to find vulnerable systems, compromise data, and commit fraud”

  7. CYBER SECURITY Solutions and Major DON CIO Focus Areas Encryption of Data At Rest NMCI solution deployment commencing Fall 2008 Consistent and interoperable solution across the DON Legacy to follow as funding becomes available Increased Information Security Role based access – Identity Management Application of biometrics where appropriate PK-Enabled Blackberries Credentials for SYSADMINS Preparing to issue alternate tokens for cryptographic logon 50% of NMCI SYSADMINS at Quantico and Pendleton will participate in pilot in October 2008 Monitoring tools to the desktop level vice the firewall Abnormal behavior can be seen and managed FISMA – changes the way programs are developed Focuses concentration on information security and systems security What you don’t measure you can’t improve Increased Information reliability What are we doing? What should everyone be doing? Shrink infrastructure Collapse data to authoritative databases Mandate to sign and encrypt emails – JTF-GNO

  8. CYBER SECURITY Solutions and Major DON CIO Focus Areas Controlled Unclassified Information – “FOUO” DON way ahead to cut in and move forward vice backwards compatibility Transition to DIACAP Moving from a system-centric to a net-centric perspective Presidential memorandum issued 7 May 2008 Intended to be enabled through technology More suitable process for C&A Working to get C&A interoperability across all DoD components SECNAVINST 5239.19 Establishes Department of the Navy incident response policy

  9. CYBER SECURITY Solutions – How do we achieve secure access? A holistic approach to Identity Management Eliminate the use of PKI Soft Certs Use Biometrics to determine root identity Policy on where access validation level requires CAC AND biometrics… Employ Cryptographic Logon across the Department Legacy networks Deploy Single Sign-On to enterprise portal (DKO) Deploy network monitoring tools to ensure “traffic management”

  10. PROTECTING PERSONALLY IDENTIFIABLE INFORMATION What are we doing now? Tighter PII controls Stricter handling of PII Consequences for improper handling exist UCMJ Civilian HR Manual Review and validate IT systems requiring PIAs Increase awareness through training • What will we do in the future? • Treat PII similar to classified • Hold leadership accountable • Page 13 - Military • Entry on Duty Form for Civilians • Ensure contract language addresses handling of PII • Encryption of data at rest, software / hardware tools • Enhance approved training with annual certification • Reduction in use of Social Security Numbers

  11. Privacy Awareness Changing Behavior

  12. NEXT GENERATION ENTERPRISE NETWORK VISION A secure, reliable capability that focuses on the warfighter first enabling command and control as well as our business and administrative functions. NGEN will provide a state of the art, global networking environment that is responsive to the operational commander, unleashes the collaborative nature of the Millennium Generation and empowers our future warriors. It will build on the lessons learned in developing the world's largest intranet, allowing the control and cost visibility necessary to migrate off expensive vulnerable legacy networks.

  13. DON ENTERPRISE SOLUTIONS TODAY’S NETWORK INFRASTRUCTURE Navy Marine Corps Intranet (NMCI) – the DON’s current shore-based network and operating environment in CONUS and select overseas locations Information Technology for the 21st Century (IT-21) – portfolio of acquisition programs for afloat forces that provide networking capabilities to the fleet Marine Corps Enterprise Network (MCEN) – portfolio of acquisition programs that provides network services to CONUS, OCONUS, and deployed Marine Air-Ground Task Forces (MAGTFs) OCONUS Navy Enterprise Network (ONE-NET) – provides shore installations overseas, a single integrated network with a full range of services and a centralized control authority Legacy networks – support specific functions within individual DON organizations or cross-service functions.

  14. DON ENTERPRISE SOLUTIONS NETWORK INFRASTRUCTURE – 2010 – NGEN • NGEN will be the network environment following the expiration of the NMCI contract in September 2010 • Capabilities will be delivered over time, taking advantage of lessons learned from NMCI • Will provide improved reliability, adaptability, security, governance, and enable warfighter mission accomplishment • Governance structure will allow for greater governmental oversight and contractual flexibility • Enterprise purchasing model will be used to provide cost savings for standard desktop suites

  15. DON ENTERPRISE SOLUTIONS Network Infrastructure – 2016 – NNE • Interoperable, Joint enterprise environment guided by a common enterprise architecture and standards • Data and services will be ubiquitously available to DON users • Will eventually include NGEN, CANES, MCEN, ONE-NET and excepted legacy networks • Common governance and operational construct • Will include the enterprise core network services, functional programs and projects, and major applications that will reside on the various Naval networks The NNE~2016 Strategy document can be found at http://www.doncio.navy.mil

  16. NGEN - Status Requirements signed by CNO/CMC in May 2008 Determining the most appropriate management structure Industry and Echelon II Information Day - forthcoming High Congressional interest

  17. CURRENT AND FUTURE TECHNOLOGIES Web 2.0 Technologies Facilitate sharing and collaboration Wikis Create, edit, and disseminate policy more efficiently Mash-ups Combine multiple sources of information for “big picture” view of operations Podcasts Disseminate information to a wider audience Blogs Facilitate dialogue between community and leadership Social Networking Utilize social networking principles to expand and enhance professional relationships GIG 2.0 How do we apply these technologies to support national security in the Department of Defense? Chat in theater Blogs as a conversation Government 2.0 As private enterprise changes to meet evolving skill sets, the public sector must follow

  18. HOW DOES THE DON CIO USE THESE TECHNOLOGIES? DON CIO Blog Discussion of IM/IT issues and how they impact the DON DON CIO Podcast Wikis Coordinate Edit Documents Create Policy

  19. WEB 2.0 SECURITY CHALLENGES Social Networking Environment Malware installed on social networking pages could infect unsuspecting visitors Peer to Peer computing challenges Mashup Technology Used by web applications to combine data/media from multiple sources, locations and coding styles Difficult to validate the security and integrity of web code Polymorphic Exploitation Attackers dynamically alter their exploits each time a potential victim visits a malicious page Creates a unique exploit and makes it impossible for signature-based protection engines to uniquely detect each attack instance

  20. WEB 2.0 CYBERSECURITY SOLUTIONS Educate web developers on the need for secure coding throughout the development lifecycle. Transition from fingerprint or pattern-matching protection to behavior-based protection. Enable protection engines to understand JavaScript just as the browser does. Utilize feedback networks to analyze malicious web sites, encourage remediation and improve content filtering at the browser level.

  21. HOW CAN YOU HELP? Offer solutions in the context of DON issues Solutions to security that do NOT compromise access to information Foster innovation to quickly deliver the tools needed by today’s warfighter IT presents the opportunity to deliver capability to the warfighter rapidly

  22. DON CIO SUGGESTED READING Rule Number Two by Dr. Heidi Kraft Lieutenant Commander Heidi Kraft deployed to Iraq in 2004. A clinical psychologist in the US Navy, Kraft's job was to uncover the wounds of war that a surgeon would never see. She put away thoughts of her two children back home, acclimated to the sound of incoming rockets, and learned how to listen to the most traumatic stories a war zone has to offer.

  23. www.doncio.navy.mil Robert J. Carey Department of the Navy Chief Information Officer 703-602-1800 robert.carey@navy.mil
