MOUNTAIN VIEW, Calif.—A clear, salient message emanated from the Hahn Auditorium stage at the Computer History Museum April 20: The CIO of the U.S. Army is actively seeking new data center management tools to get its far-flung IT systems working together more efficiently and to tighten up security.
During a panel discussion titled, "Moving Past Conventional IT," at the SINET (Security Innovation Network) IT Security Entrepreneurs Forum, Lt. General Robert Ferrell told about 60 invited Silicon Valley executives that the military is in the market for some new-gen IT tools and services and that it's actively looking for solutions now.
In moving beyond conventional IT—which includes LANs and WANs— the military encounters different issues associated with securing and protecting real-time control systems. For example, in the case of a weapons/control system, the traditional security attributes of confidentiality, integrity and availability often must be inverted in importance. Availability becomes preeminent because a real-time control system usually cannot be disturbed while in operation.
This has real implications for activities such as scanning, patching and continuous monitoring, with which latency is an issue, Ferrell said.
Army Systems Bogged Down with Legacy IT
Ferrell said the Army IT teams are bogged down with legacy hardware and software that comprise about 80 percent of all their global systems. Security, naturally, is one of the top-priority pain points, along with centralized and automated control systems.
"We're finding that about 95 percent of our security effort has to do with the regular hygiene of taking care of users regarding PKI (public key infrastructure) or two forms of authentication. We find that by looking at our systems, that we really have lot of work to do across the global fabric within the Army [to modernize]," Ferrell said.
Public key infrastructure (PKI) is a set of roles, policies, and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public key encryption.
"For example, we don't have an automated tool that will allow us to go engine-to-engine to provide us with the analysis of what we have, the status of the health and welfare of the network, and how to do automatic patching required for the enterprise. So that's a big opportunity out there that I think is open for all," Ferrell said.
A Clear and Present Opportunity
An opportunity for Silicon Valley? Yes, that would be safe to say. Are you listening, Dell, CA, IBM, VMware, HashiCorp, BMC, nLyte, Microsoft, Brocade, HPE Opsware, Emerson Avocent—and all the dozens of other competent IT orchestration software companies that could help the Army out?
"The next area where we are challenged is within our workforce," Ferrell said. "Recruiting, training and maintaining a cyber workforce that's needed to operate these systems and to assist us with guidance to mitigate security problems. We typically bring kids on, we train them, they get experience, then they see other opportunities industrywide. So that's a big challenge on our part, to try and maintain a quality workforce."
Ferrell said that the Army is working on a list of initiatives to help move to a more secure environment.
"You've probably heard of the term Joint Information Environment—that's where the entire Department of Defense is working toward one single infrastructure, built on common standards," Ferrell said. "We're all committed to doing that, and the effort within the Army—we're starting with the (National) Guard, then the Corps of Engineers—is just starting.”
Army 'Collapsing' Systems Together
"We're collapsing their environments onto the Army network. When that is completed, that'll mean 60 percent of the Army enterprise will be on one platform. That should be accomplished this year," he noted.
As the DOD develops the Joint Information Environment, the lines between components will blur. The matrixed organization evolving the JIE illustrates the department's technological strategy. The current organization includes the Joint Chiefs of Staff (JCS), Office of the Deputy Chief Management Officer (DCMO), DOD CIO, Joint Staff J6, CYBERCOM, military services, intelligence community, and National Guard.
This is no simple undertaking—especially in security, Ferrell said.
"We're also installing what we call joint regional security stacks. (There are) lots of backdoors to the enterprise—in the Army's last count, over 1,500. We're going to replace those 1,500 with only 55 stacks," Ferrell said. "This will reduce the attack surface, if you will, for any intrusions in the network.
"What we need is your innovation, when it comes to tools—helping us from a DOD level to a service-unique level that allows us to see ourselves (in a centrally controlled manner) and to identify those anomalies that are in the network, isolate them and destroy them in a timely fashion."
SINET is a security consultancy based in San Francisco. Go here for more information.