Robert Carey, Principal Deputy CIO, DOD Insight session


Robert Carey joined GTSC for a session on DOD's technology priorities, cyber security and budget considerations for 2014/2015.

Published in: Technology

  1. DoD CIO UNCLASSIFIED
     DoD CIO Priorities for 2014
     Robert J. Carey, Principal Deputy Chief Information Officer, U.S. Department of Defense
     January 17, 2014
     SUPPORT THE WARFIGHTER
  2. Agenda
     • DoD CIO Focus
     • DoD IT Environment
     • Movement toward the Joint Information Environment
       o Major Components of JIE
       o Work in Progress
       o Way Ahead
     • Additional Significant Work Streams
       o Cybersecurity
       o Mobility
       o Spectrum Strategy and Implementation Plan
     • How Can Industry Help
  3. DoD CIO Focus
     • Deliver the Joint Information Environment
       o Major effort and change within the Department towards IT modernization
     • Strengthen Cyber Security
       o Improve information security from desktop to data center
       o Cyber workforce strategy
       o DoD strategy for defending networks and data
     • Deliver Secure Mobile Devices
       o Deploy and manage secure modern mobile devices
     • Manage RF Spectrum to support mission
  4. What We’re About: Mission Assurance
     Warfighter Needs
     We must ensure access to information … on any device, at any time, under all conditions, wherever the warfighter needs it …
     Mission assurance is DoD’s top priority
  5. DoD IT Environment: Cyber Footprint
     DoD IT User Base
     • ~1.4 million active duty
     • ~783,000 civilian personnel
     • ~1.2 million National Guard and Reserve
     • 5.5+ million family members and military retirees
     • 146+ countries
     • 5,000+ locations
     • 600,000+ buildings and structures
     IT Systems
     • >10,000 operational systems (20% mission critical)
     • ~1700 data centers
     • ~65,000 servers
     • ~7+ million computers and IT devices
     • Thousands of networks/enclaves
     • Thousands of email servers, firewalls, proxy servers, etc.
     • Mobile devices
       o ~493,000 Blackberries
       o ~41,000 iOS Systems (Pilots)
       o ~8,700 Android Systems (Pilots)
     Total IT Budget
     • > $39.6B in FY14
     • > $17.4B in IT Infrastructure
     • > $4.7B for cybersecurity
     Scale of the footprint … scope of the challenge
  6. What is the Joint Information Environment?
     • JIE (when delivered fully) will consist of:
       o ~25 Core Data Centers using common computing environment, ~800 smaller installation data centers (reduced from ~2000) that are secure, resilient and efficient
       o Coherent security architecture / protected networks with enhanced resiliency to int/ext threats
       o Common Enterprise Services that support the entire Department
       o Component built business/warfighter applications on a joint technology infrastructure
     • JIE implements joint network standards, specifications, and architectures driving commonality across a diverse DoD computing environment to drive greater security and information sharing
     This DoD-wide effort toward the JIE will:
     • Realign, restructure, modernize how IT (NIPRnet and SIPRnet) networks and systems are constructed, operated, and defended
     • Consolidate and standardize the design and architecture of the Department’s networks
     • Change Cyber Security Tactics, Techniques and Procedures
  7. Benefits of the JIE
     • Enhanced Mission Effectiveness
       o Rapidly and dynamically respond to changing mission information needs for all operational scenarios
       o Users and Systems will have timely and secure access to the data services needed to accomplish their assigned missions, regardless of their location or device
     • Increased Security
       o Able to jointly See, Block, Maneuver across the whole of the DoD Information Network
         • Allow Commanders to manage risks within regional domains
         • C2 of the Network from USCC and component cyber commands
       o Users and systems can trust their connection from end to end
       o Knowledge of the network, the data, and accesses with role and persona attribution
       o Capabilities remain available during contested or degraded cyber events
     • Achieved IT Efficiencies
       o Information assets are joint assets, leveraged by all for Department missions
       o Constant visibility into IT expenditures through increased transparency
       o Maximize Enterprise purchasing and minimize variations
  8. JIE Capabilities Provided to Programs
     [Diagram: Joint Information Environment, Program Considerations. Labels in extraction order:]
     Enterprise Operations; Defined Enterprise IT Service Management Processes (Incident Mgmt, Event Mgmt, Problem Mgmt, Change Mgmt); Network Normalization; End to End IP Transport; Predictable Security Boundaries; MPLS Virtual Networks with QoS; Architecture patterns for Security, Monitoring, C2; Architecture Patterns; Single Security Architecture; Data Center Consolidation; Standard Approach to Security; GFE Computing (e.g., cloud computing); Zoned Approach; Boundaries provided and managed at DoD Enterprise; Standard Network Configurations for Security, Monitoring, C2; Capacity Services; Storage Services; Standard Network Configurations; Enterprise Services; Email; IdAM; Single Identity linked to DEERS; Portal Services; Instant Messaging/Chat/Presence Awareness; VOIP/SVOIP; Directory Services; Single Security Architecture; Architecture Patterns; Authentication via Direct PKI or Gateway Service; On-demand account provisioning; Access management patterns for CND; Help Desk
     What’s needed:
     • Technical Documentation leading to the development of an Acquisition Baseline
     • Transparent Documentation of IT Infrastructure Costs and Cost Recovery Approaches
  9. JIE Progress to Date
     Network Consolidation: Consolidating networks and IT infrastructure across the Department IOT increase operational effectiveness
     • Converging voice, data, video networks via EoIP & migrating to Enterprise (DISA-provided) VoIP (call management) Services
     • Upgrade to network (MPLS) routers, managed by DISA
     • USMC upgrading network (MPLS) routers
     • Service reduced gateways from 203 to 16
     • Services reducing legacy networks
     • COCOMs pursuing consolidated desktop initiative
     • COCOMs consolidating HQs and component networks
     Enterprise Capabilities and Applications: Reducing costs through movement to enterprise licensing, capability delivery and application reduction
     • USA reduce applications by 30%; ID’d 2.5K of 10.6K to sunset
     • Microsoft Joint Enterprise License Agreement
     • USMC Data Center hosting Navy and DoJ apps
     • DON adopts USMC PMO for DON ELAs; USN to complete 3 of 12 ELAs in FY 13
     • USN reduced 25K applications to 6K
     • Coordinating Mission Partner Environment
     • Commercial cloud service offering pilot efforts
     Enhancing Cyber Operations Security: Improving ability to see and respond to Cyber Threats
     • Improved Security Architecture (~400 TLAs to 15 regional TLAs) supporting CONUS & SWA
     • USMC centralized Operations Center
     • Mandated use of Enterprise Directory Services and an authoritative identity data source
     • Established initial Enterprise Operations Center in Europe
     1/24/2014
  10. Key JIE Policies and Guidance
      [Timeline figure: JIE policy and guidance documents dated from 5 Oct 2011 to 26 Sep 2013. The extracted text no longer pairs dates with documents.]
      Organizations named: DoD Chief Information Officer; Joint Staff; Office of the Secretary of Defense; CC/S/A
      Documents named: JIE Management Charter; DoD UC Memo; JTSO Establishment Memo; CJCS JIE Whitepaper; JIE Operations CONOPS 1.0; JIE Management Construct; CYBERCOM Tasking Order J3-13-0688; Implementation Guidance; JIE ICD; JIE Increment-1 Business Case Analysis; Identification of Data Center Types; OT&E Oversight Memo; JIE Implementation Memo; JIE EXORD; JIE EXORD Modification 1; DoD ITESR
      Other labels: Migration of Apps and systems by FY18; JIE Inc 1 IOC in Europe; JIE Inc2; PACOM EDS; DoD Acquisition, Budget & Requirements Processes
      Status legend: In progress; Inactive/Not Complete
      Callouts:
      • “All requirements set for IOC for JIE Increment-1 in the European and specified Africa Commands AORs have been met.”
      • “JIE represents the largest restructuring of IT management in the history of the Department of Defense.”
      • “First and foremost, JIE will improve mission effectiveness.”
      • “BCA…is the first step in aligning PPBE processes for JIE stakeholders”
      • “…describes roles, responsibilities, functions and tasks…”
      • Directs implementation of key capabilities and sets conditions for future planning
      • Key JIE planning forums stood up with CC/S/A support and participation
      • Places all JIE related capabilities under DOT&E oversight.
      • DoD is committed to multi-year JIE effort directed by DoD CIO
      • Directs DoD Components to participate and align resources to enable JIE
      • Designates Defense Enterprise Email as an Enterprise Service and states inclusion in DoD Information Enterprise Architecture for compliance purposes
      Acronym Key: CDC – Core Data Center; DOT&E – Director of Operational Test & Evaluation; EDS – Enterprise Directory Services; EXORD – Execution Order; DEE – Defense Enterprise Email; ICD – Initial Capabilities Document; IOC – Initial Operational Capability; ITESR – IT Enterprise Strategy and Roadmap; JMC – JIE Management Construct; JOSG – JIE Operational Sponsor Group; JTSO – JIE Technical Synchronization Office; OT&E – Operational Test & Evaluation; UC – Unified Capabilities; UCP – Unified Command Plan
  11. Key JIE Related Architecture Artifacts
      [Layered figure: Policy & Guidance; Enterprise Architecture; Reference Architectures; Solution Architectures. Artifact dates and status markers (In Progress, In Review) are no longer paired with artifacts in the extracted text.]
      Artifacts named: DoDI 8100.04; DoDI 8310.aa; DoDI 8330.aa; IdAM Data Dictionary; Naming Specification; DoD IEA v2.0; DoD IEA v3.0; JIE EA v0.4
      Reference architectures named: EANCS; ADORA; CDC RA; SSA RA; UC RA; IdAM RA; EOC RA; EC RA
      Descriptions:
      • Establishes governing policy for Unified Capabilities products and services supported on DoD networks.
      • Provides direction for identifying, developing, and prescribing IT, including NSS and DBS, standards
      • Establishes a capability-focused, architecture-based approach for interoperability analysis; establishes the requirement for enterprise services to be certified for interoperability.
      • Establishes the role of the DoD EA in providing context and rules for accomplishing the mission of the Department.
      • Merges the architecture content and guidance of DoD IEA v2.0 and the JIE EA into a single, integrated, authoritative architecture for the Information Enterprise.
      • In Formal Review; expected to be approved for JIE RA and SA development in 1QFY14
      • Approved 10 Aug 2012; Foundation for the JIE EA
      • Informational Guidance; Currently Under TWG Review
      • Provide Strategic Purpose, Principles, Patterns, Technical Positions and Vocabulary for Solution Architecture development
      SAs Under Development by IDTs:
      • IdAM: Directory Services, Synchronization Services, Authentication GW Services, People & Organization Discovery Services, Enclave Attribute Services, and DoD Visitor
      • SSA: Enterprise Perimeter Protection, Base Area Network (ICAN), and Enterprise IA Security
      • CDC: Core Data Center, Installation Process Node (IPN), and Installation Services Node (ISN)
      • NNT: Wide Area Network (WAN), SATCOM Gateway, and Mobility Gateway
      • Unified Capabilities
      • EOC/OOB Instrumentation
      Acronym Key: IEA – Information Enterprise Architecture; JIE EA – Joint Information Environment Enterprise Architecture; EANCS – Enterprise-wide Access to Network and Collaboration Services; ADO – Active Directory Optimization; CDC – Core Data Center; SSA – Single Security Architecture; UC – Unified Capabilities; IdAM – Identity and Access Management; EOC – Enterprise Operations Center; EC – Enterprise Cloud; NNT – Network Normalization and Transport; OOB – Out Of Band
  12. JIE Way Ahead
      • Continue to leverage COCOMs, Services and Agencies IT initiatives to achieve end-state
      • Drive implementation and execution actions necessary to deliver capabilities
        o Acquire via component normal tech refresh process to standards and architectures defined as JIE norms
      • Improve IT Budget transparency to align spend
      • Develop and deploy policies, procedures, oversight, and culture that enables info sharing
      • Accelerate initiatives where feasible to move effort forward
      • Consolidate/standardize elements of networks to more effectively defend them and confront threats with agile information sharing
  13. Additional Significant Work Streams
      • Cybersecurity
      • Mobility
      • Spectrum Strategy and Implementation Plan
  14. Growth of the Cyber Threat
      [Chart: sophistication (Low to High) plotted against time, 1980 to 2015.]
      • Sophistication of available tools is GROWING
      • Sophistication required of Actors is DECLINING
      Techniques labelled on the chart (in extraction order): sophisticated C2; cross site scripting; “stealth” / advanced scanning techniques; packet spoofing; sniffers; denial of service; sweepers; staging; distributed attack tools; www attacks; automated probes/scans; graphic user interface; back doors; disabling audits; exploiting known vulnerabilities; password cracking; self-replicating code; password guessing; network mgmt. diagnostics; hijacking sessions; burglaries; phishing
      “Cyberspace is real. And so are the risks that come with it.” -President Obama, 29 May 09
  15. Defending DoD Networks & Systems: Cyber Strategic Choices for 2020
      • Shift to Proactive Cyber Defense Operations
        o Fully employ active cyber defense
        o Provide forces to maneuver and influence
        o Mitigate all phases of cyber aggression
        o Defend beyond DoD boundaries
      • Deliver Adaptable Cyber Defense Solutions
        o Architect a defensible information environment
        o Strengthen data defenses
        o Engineer unpredictable defenses
        o Institutionalize cyber threat-based engineering & acquisition
      • Enhance Cyber Situational Awareness and Partnering
        o Improve the cyber sensing infrastructure
        o Harness the power of Big Data analytics
        o Implement a multimission cyber operational picture
        o Capitalize on the strengths of public-private partnerships
      • Assure Survivability against Catastrophic Cyber Attacks
        o High priority mission areas
        o Prepare for success against large-scale cyber-attack
      Focusing Cyber Defense on Assured Mission Execution
  16. JIE Security Architecture Overview
      The intent of the security architecture is to:
      • Create a coherent, uniform and standards-based security construct
        o Uniform Service/Capability Delivery
        o Ability to Standardize Ingress/Egress connectivity as well as O&M processes
      • Improve Performance of Security
        o Provide full security suite capability to every Base / Post / Camp / Station
        o Fill known holes in the current security architecture
        o Provide full visibility, move away from standalone to an enterprise security solution
        o Reduced lateral movement beneath the Regional Security Stacks
        o Enclave boundaries clearly defined and centrally managed
        o Provide a Security Infrastructure that is Always On, Always Connected
      • Improve Cost of Security
        o Cost avoidance associated with life-cycle of hardware, eliminate localized Security Stacks, by delivering the same services through 11 Centralized Security Stacks.
        o Cost avoidance associated with operations and maintenance
        o Cost avoidance associated with scaling to meet emerging requirements
        o No new hardware; simply add virtual instances
  17. JIE SSA Architecture Overview (V2.0)
      • JIE Single Security Architecture team delivered the JIE SSA RA Version 2.0 and is receiving comments from the Architecture Working Group (AWG)
        – Enterprise Perimeter Protections
        – NIPR & SIPR
        – Cross Domain Security
        – Common Network Interfaces
        – CND views
      • Version 3.0 will include Mission Partner Environment (MPE), SATCOM, UC, and IdAM
  18. What actions are we taking?
      • Evolving DoD’s defenses:
        o Standardization and consolidation of the infrastructure
        o Layering defenses
        o Deploying identity tools – PKI all network domains
        o Improving monitoring
      • Multiple efforts to contain, dampen, detect, diagnose, and respond to successful or partially successful cyber intrusions and attacks include:
        o Network hardening
        o Moving toward more automation via continuous monitoring
  19. DoD Mobility Strategy
      • DoD Mobile Device Strategy, Jun 2012
      • DoD CMD Implementation Plan, Feb 2013
      • Mobility STIGs (iOS, Android, BB), May 2013
      • Commercial Classified Solution (Secret), May 2013
      • DISA MDM/MAS award, Jun 2013
      • Defense Enterprise Email, Sept 2013
      • DoD Enterprise MDM and Mobile App Storefront, Dec 2013
      • Commercial Classified Solution (Top Secret), May 2013
      • Modified CMD Security Approval Process, July 2014
      • SME PED end-of-life, Dec 2014
  20. DoD Mobility Strategy & Implementation Plan
      [Roadmap figure with a timeline marked 2012, FY13, FY14, FY15 - 17, FY17 - Beyond.]
      Strategy elements:
      • Mobile Device Policies and Standards
      • Promote the development and Use of DoD Mobile & Web-Enabled Apps
      • An enterprise Mobility services for Classified & Unclassified capabilities
      • Information Enterprise Infrastructure to support Mobile Devices
      Roadmap labels (in extraction order): DoD Mobility Strategy; NEW SPEC ?; MAM; MAS; MDM; Business Case Analysis; CAC/PIV Integration; MDM/MAS Award; BYOD TBD; Enterprise Solution; Expedite Approval Process; CMD Pilot Consolidation; DoDI 8100.02; Mobility Gateways FY13-14; DoD CIO Consolidation Plan; Phase-out SME PED; Federal Digital Strategies; New Classified Capability; Federal Standards; Technology Insertion
      Primary Communication for ROUTINE DoD Users is Wireless
      Acronym Key: BCA – Business Case Analysis; BYOD – Bring Your Own Device; CMD – Commercial Mobile Device; DoDI – DoD Instruction; MAM – Mobile Application Management; MAS – Mobile Application Store; MDM – Mobile Device Management; MILDEP – Military Department; PIV – Personal Identity Verification; SME PED – Secure Mobile Environment Portable Electronic Device
  21. Challenge: Rapidly Changing Spectrum Use
      [Diagram centered on “Increasingly Contested & Congested”. Group labels: Battlefield; Training/Testing; Wireless Industry; Mobile; International; Coalition.]
      Pressures labelled on the diagram (in extraction order):
      • Constraining Regulatory Environment
      • Cyber warfare
      • Mobility Strategy
      • More unmanned systems
      • More powerful radars to combat stealthier threats
      • Increasing data rates
      • Connectivity to lower echelons
      • Repurposing/Spectrum Sharing
      • Auctions of Federal spectrum in US
      • Reallocation of military spectrum in host nations
      • Jamming
      • Exponential increase in wireless devices worldwide
      DoD’s exclusive access to spectrum WILL BE reduced and challenged – in US and overseas spectrum sharing and co-use is a certainty
  22. Response: DoD Electromagnetic Spectrum Strategy
      Vision: Spectrum access when and where needed to achieve mission success
      Spectrum Dependent Systems. Goal 1: Increase efficiency, flexibility, and adaptability
      • Expedite development of spectrum efficient and flexible technologies
      • Accelerate sharing technologies
      • Adopt commercial services where feasible
      • Strengthen enterprise oversight
      Spectrum Operations. Goal 2: Increase agility
      • Develop near real-time spectrum operations
      • Advance ability to mitigate interference
      • Modify policy, regulation and standards to allow agile spectrum operations
      Spectrum Regulation and Policy. Goal 3: Sharpen responsiveness
      • Reform DoD’s ability to assess regulatory/policy proposals
      • Expand DoD participation in regulatory/policy discussions
      • Institutionalize DoD’s ability to adapt to regulatory/policy changes
      Summary:
      • A paradigm shift - Improvements to spectrum management and spectrum efficiency are necessary, but not sufficient - spectrum access through sharing is required to increase DoD’s spectrum access opportunities
      • Advancements in technology and associated policy/regulations are needed
      • Required for success: Collaboration/partnerships AND Leadership/Accountability
      Working toward “win-win” for DoD, other federal users, and the wireless industry
  23. How can you Help?
      • Ask hard questions…propose answers in the context of our problem set
      • Leverage your best and brightest
      • Help us find lasting, innovative solutions
      • Be part of our success
      Collaboration – Key to conquering our challenges