Robert Carey, Principal Deputy CIO, DOD Insight session
1. DoD CIO
UNCLASSIFIED
DoD CIO Priorities for 2014
Robert J. Carey
Principal Deputy
Chief Information Officer
U.S. Department of Defense
January 17, 2014
SUPPORT THE WARFIGHTER
2. DoD CIO
Agenda
• DoD CIO Focus
• DoD IT Environment
• Movement toward the Joint Information Environment
  o Major Components of JIE
  o Work in Progress
  o Way Ahead
• Additional Significant Work Streams
  o Cybersecurity
  o Mobility
  o Spectrum Strategy and Implementation Plan
• How Can Industry Help
3. DoD CIO
DoD CIO Focus
• Deliver the Joint Information Environment
  o Major effort and change within the Department towards IT modernization
• Strengthen Cyber Security
  o Improve information security from desktop to data center
  o Cyber workforce strategy
  o DoD strategy for defending networks and data
• Deliver Secure Mobile Devices
  o Deploy and manage secure modern mobile devices
• Manage RF Spectrum to support mission
4. DoD CIO
What We’re About: Mission Assurance Warfighter Needs
We must ensure access to information … on any device, at any time, under all conditions, wherever the warfighter needs it …
Mission assurance is DoD’s top priority
5. DoD CIO
DoD IT Environment: Cyber Footprint
DoD IT User Base
• ~1.4 million active duty
• ~783,000 civilian personnel
• ~1.2 million National Guard and Reserve
• 5.5+ million family members and military retirees
• 146+ countries
• 5,000+ locations
• 600,000+ buildings and structures
IT Systems
• >10,000 operational systems (20% mission critical)
• ~1700 data centers
• ~65,000 servers
• ~7+ million computers and IT devices
• Thousands of networks/enclaves
• Thousands of email servers, firewalls, proxy servers, etc.
• Mobile devices
  ~ 493,000 Blackberries
  ~ 41,000 iOS Systems (Pilots)
  ~ 8,700 Android Systems (Pilots)
Total IT Budget
• > $39.6B in FY14
• > $17.4B in IT Infrastructure
• > $4.7B for cybersecurity
Scale of the footprint … scope of the challenge
6. DoD CIO
What is the Joint Information Environment?
• JIE (when delivered fully) will consist of:
  o ~25 Core Data Centers using common computing environment, ~800 smaller installation data centers (reduced from ~2000) that are secure, resilient and efficient
  o Coherent security architecture / protected networks with enhanced resiliency to int/ext threats
  o Common Enterprise Services that support the entire Department
  o Component built business/warfighter applications on a joint technology infrastructure
• JIE implements joint network standards, specifications, and architectures driving commonality across a diverse DoD computing environment to drive greater security and information sharing
This DoD-wide effort toward the JIE will:
• Realign, restructure, modernize how IT (NIPRnet and SIPRnet) networks and systems are constructed, operated, and defended
• Consolidate and standardize the design and architecture of the Department’s networks
• Change Cyber Security Tactics, Techniques and Procedures
7. DoD CIO
Benefits of the JIE
• Enhanced Mission Effectiveness
  o Rapidly and dynamically respond to changing mission information needs for all operational scenarios
  o Users and Systems will have timely and secure access to the data services needed to accomplish their assigned missions, regardless of their location or device
• Increased Security
  o Able to jointly See, Block, Maneuver across the whole of the DoD Information Network
    • Allow Commanders to manage risks within regional domains
  o Users and systems can trust their connection from end to end
  o Knowledge of the network, the data, and accesses with role and persona attribution
  o C2 of the Network from USCC and component cyber commands
  o Capabilities remain available during contested or degraded cyber events
• Achieved IT Efficiencies
  o Information assets are joint assets, leveraged by all for Department missions
  o Constant visibility into IT expenditures through increased transparency
  o Maximize Enterprise purchasing and minimize variations
8. DoD CIO
JIE Capabilities Provided to Programs
[Table: Joint Information Environment capability areas and Program Considerations; entries listed in the order they appear]
Enterprise Operations
• Defined Enterprise IT Service Management Processes - Incident Mgmt, Event Mgmt, Problem Mgmt, Change Mgmt
Network Normalization
• End to End IP Transport
• Predictable Security Boundaries
• MPLS Virtual Networks with QoS
• Architecture patterns for Security - Monitoring, C2
• Architecture Patterns
Single Security Architecture
Data Center Consolidation
• Standard Approach to Security
• GFE Computing (e.g., cloud computing)
• Zoned Approach
• Boundaries provided and managed at DoD Enterprise
• Standard Network Configurations for Security - Monitoring, C2
• Capacity Services
• Storage Services
• Standard Network Configurations
Enterprise Services
• Email
• IdAM
• Single Identity linked to DEERS
• Portal Services
• Instant Messaging/Chat/Presence Awareness
• VOIP/SVOIP
• Directory Services
• Single Security Architecture
• Architecture Patterns
• Authentication via Direct PKI or Gateway Service
• On-demand account provisioning
• Access management patterns for CND
• Help Desk
What’s needed:
Technical Documentation leading to the development of an Acquisition Baseline
Transparent Documentation of IT Infrastructure Costs and Cost Recovery Approaches
9. DoD CIO
JIE Progress to Date
Network Consolidation
Consolidating networks and IT infrastructure across the Department IOT increase operational effectiveness
• Converging voice, data, video networks via EoIP & migrating to Enterprise (DISA provided) VoIP (call management) Services
• Upgrade to network (MPLS) routers - managed by DISA
• USMC upgrading network (MPLS) routers
• Service reduced gateways from 203 to 16
• Services reducing legacy networks
• COCOMs pursuing consolidated desktop initiative
• COCOMs consolidating HQs and component networks
Enterprise Capabilities and Applications
Reducing costs through movement to enterprise licensing, capability delivery and application reduction
• USA reduce applications by 30%; ID’d 2.5K of 10.6K to sunset
• Microsoft Joint Enterprise License Agreement
• USMC Data Center hosting Navy and DoJ apps
• DON adopts USMC PMO for DON ELAs; USN to complete 3 of 12 ELAs in FY 13
• USN reduced 25K applications to 6K
• Coordinating Mission Partner Environment
• Commercial cloud service offering pilot efforts
Enhancing Cyber Operations Security
Improving ability to see and respond to Cyber Threats
• Improved Security Architecture (~400 TLAs to 15 regional TLAs) supporting CONUS & SWA
• USMC centralized Operations Center
• Mandated use of Enterprise Directory Services and an authoritative identity data source
• Established initial Enterprise Operations Center in Europe
1/24/2014
10. DoD CIO
“All requirements set for IOC for JIE Increment-1 in the European and specified Africa Commands AORs have been met.”
Key JIE Policies and Guidance
[Figure: timeline of JIE policies and guidance, with entries dated from 5 Oct 2011 to 26 Sep 2013 and several marked "In progress"; legend entry: Inactive/Not Complete]
Organizations shown: Office of the Secretary of Defense, DoD Chief Information Officer, Joint Staff, CYBERCOM, CC/S/A
Documents and milestones shown:
• JIE Management Charter
• CDC
• DoD CDC
• DoD UC Memo
• JTSO Establishment Memo
• CJCS JIE Whitepaper
• JIE Operations CONOPS 1.0
• JIE Management Construct
• Tasking Order J3-13-0688
• JIE Increment-1 Transition CONOPS
• JIE Operations CONOPS 2.0
• Implementation Guidance
• JIE ICD
• JIE Increment-1 Business Case Analysis
• DEE
• JOSG Establishment Memo
• JIE Inc 1
• JIE Inc2
• IOC in Europe
• PACOM
• EDS
• OT&E Oversight Memo
• JIE Implementation Memo
• JIE EXORD
• JIE EXORD Modification 1
Annotations shown:
• Migration of Apps and systems by FY18
• Identification of Data Center Types
• Directs implementation of key capabilities and sets conditions for future planning
• Directs DoD Components to participate and align resources to enable JIE
• Key JIE planning forums stood up with CC/S/A support and participation
• Places all JIE related capabilities under DOT&E oversight.
• DoD is committed to multi-year JIE effort directed by DoD CIO
• Designates Defense Enterprise Email as an Enterprise Service and states inclusion in DoD Information Enterprise Architecture for compliance purposes
• “JIE represents the largest restructuring of IT management in the history of the Department of Defense.”
• “BCA…is the first step in aligning PPBE processes for JIE stakeholders”
• “…describes roles, responsibilities, functions and tasks…”
• “First and foremost, JIE will improve mission effectiveness.”
DoD Acquisition, Budget & Requirements Processes
DoD ITESR
Acronym Key
CDC – Core Data Center
DOT&E – Director of Operational Test & Evaluation
EDS – Enterprise Directory Services
EXORD – Execution Order
DEE – Defense Enterprise Email
ICD – Initial Capabilities Document
IOC – Initial Operational Capability
ITESR – IT Enterprise Strategy and Roadmap
JMC – JIE Management Construct
JOSG – JIE Operational Sponsor Group
JTSO – JIE Technical Synchronization Office
OT&E – Operational Test & Evaluation
UC – Unified Capabilities
UCP – Unified Command Plan
11. DoD CIO
Key JIE Related Architecture Artifacts
[Figure: chart of JIE-related architecture artifacts in four tiers (Policy & Guidance, Enterprise Architecture, Reference Architectures, Solution Architectures), with dates and several entries marked "In Progress"]
Policy & Guidance
• DoDI 8100.04 (9 DEC 2010): Establishes governing policy for Unified Capabilities products and services supported on DoD networks.
• DoDI 8310.aa: Provides direction for identifying, developing, and prescribing IT, including NSS and DBS, standards
• DoDI 8330.aa: Establishes a capability-focused, architecture-based approach for interoperability analysis; establishes the requirement for enterprise services to be certified for interoperability.
• DoDI 8270.bb: Establishes the role of the DoD EA in providing context and rules for accomplishing the mission of the Department.
Enterprise Architecture
• Artifacts shown: DoD IEA v2.0, JIE EA v0.4, DoD IEA v3.0, IdAM Data Dictionary, Naming Specification
• Notes shown:
  o Approved 10 Aug 2012; Foundation for the JIE EA
  o In Formal Review; expected to be approved for JIE RA and SA development in 1QFY14
  o Merges the architecture content and guidance of DoD IEA v2.0 and the JIE EA into a single, integrated, authoritative architecture for the Information Enterprise.
  o Informational Guidance; Currently Under TWG Review
• Dates shown: 10 AUG 2012, 14 AUG 2013
Reference Architectures
• Provide Strategic Purpose, Principles, Patterns, Technical Positions and Vocabulary for Solution Architecture development
• Artifacts shown: EANCS, ADORA, CDC RA, SSA RA, UC RA, IdAM RA, EOC RA, EC RA
• Dates and statuses shown: 24 AUG 2010, 29 Aug 2012, 18 SEP 2012, MAY 2013, 8 FEB 2013, In Review, In Progress
Solution Architectures
SAs Under Development by IDTs:
• IdAM: Directory Services, Synchronization Services, Authentication GW Services, People & Organization Discovery Services, Enclave Attribute Services, and DoD Visitor
• SSA: Enterprise Perimeter Protection, Base Area Network (ICAN), and Enterprise IA Security
• CDC: Core Data Center, Installation Process Node (IPN), and Installation Services Node (ISN)
• NNT: Wide Area Network (WAN), SATCOM Gateway, and Mobility Gateway
• Unified Capabilities
• EOC/OOB Instrumentation
Acronym Key
IEA – Information Enterprise Architecture
JIE EA – Joint Information Environment Enterprise Architecture
EANCS – Enterprise-wide Access to Network and Collaboration Services
ADO – Active Directory Optimization
CDC – Core Data Center
SSA – Single Security Architecture
UC – Unified Capabilities
IdAM – Identity and Access Management
EOC – Enterprise Operations Center
EC – Enterprise Cloud
NNT – Network Normalization and Transport
OOB – Out Of Band
12. DoD CIO
JIE Way Ahead
• Continue to leverage COCOMs, Services and Agencies IT initiatives to achieve end-state
• Drive implementation and execution actions necessary to deliver capabilities
  o Acquire via component normal tech refresh process to standards and architectures defined as JIE norms
• Improve IT Budget transparency to align spend
• Develop and deploy policies, procedures, oversight, and culture that enables info sharing
• Accelerate initiatives where feasible to move effort forward
• Consolidate/standardize elements of networks to more effectively defend them and confront threats with agile information sharing
14. DoD CIO
Growth of the Cyber Threat
[Figure: chart of sophistication (Low to High) against time (axis labelled 1980, 1985, 1990, 1995, 2000, 2010, 2015). Sophistication of available tools is GROWING; sophistication required of actors is DECLINING.]
Techniques labelled on the chart: sophisticated C2, cross site scripting, “stealth” / advanced scanning techniques, packet spoofing, sniffers, denial of service, sweepers, staging, distributed attack tools, www attacks, automated probes/scans, graphic user interface, back doors, disabling audits, exploiting known vulnerabilities, password cracking, self-replicating code, password guessing, network mgmt. diagnostics, hijacking sessions, burglaries, phishing
“Cyberspace is real. And so are the risks that come with it.” - President Obama, 29 May 09
15. DoD CIO
Defending DoD Networks & Systems: Cyber Strategic Choices for 2020
Shift to Proactive Cyber Defense Operations
• Fully employ active cyber defense
• Provide forces to maneuver and influence
• Mitigate all phases of cyber aggression
• Defend beyond DoD boundaries
Deliver Adaptable Cyber Defense Solutions
• Architect a defensible information environment
• Strengthen data defenses
• Engineer unpredictable defenses
• Institutionalize cyber threat-based engineering & acquisition
Enhance Cyber Situational Awareness and Partnering
• Improve the cyber sensing infrastructure
• Harness the power of Big Data analytics
• Implement a multi-mission cyber operational picture
• Capitalize on the strengths of public-private partnerships
Assure Survivability against Catastrophic Cyber Attacks
• High priority mission areas
• Prepare for success against large-scale cyber-attack
Focusing Cyber Defense on Assured Mission Execution
16. DoD CIO
JIE Security Architecture Overview
The intent of the security architecture is to:
• Create a coherent, uniform and standards-based security construct
  o Uniform Service/Capability Delivery
  o Ability to Standardize Ingress/Egress connectivity as well as O&M processes
• Improve Performance of Security
  o Provide full security suite capability to every Base / Post / Camp / Station
  o Fill known holes in the current security architecture
  o Provide full visibility, move away from standalone to an enterprise security solution
  o Reduced lateral movement beneath the Regional Security Stacks
  o Enclave boundaries clearly defined and centrally managed
  o Provide a Security Infrastructure that is Always On, Always Connected
• Improve Cost of Security
  o Cost avoidance associated with life-cycle of hardware, eliminate localized Security Stacks, by delivering the same services through 11 Centralized Security Stacks.
  o Cost avoidance associated with scaling to meet emerging requirements
  o Cost avoidance associated with operations and maintenance
  o No new hardware; simply add virtual instances
17. DoD CIO
JIE SSA Architecture Overview (V2.0)
• JIE Single Security Architecture team delivered the JIE SSA RA Version 2.0 and is receiving comments from the Architecture Working Group (AWG)
  – Enterprise Perimeter Protections
  – NIPR & SIPR
  – Cross Domain Security
  – Common Network Interfaces
  – CND views
• Version 3.0 will include Mission Partner Environment (MPE), SATCOM, UC, and IdAM
18. DoD CIO
What actions are we taking?
• Evolving DoD’s defenses:
  o Standardization and consolidation of the infrastructure
  o Layering defenses
  o Deploying identity tools – PKI all network domains
  o Improving monitoring
• Multiple efforts to contain, dampen, detect, diagnose, and respond to successful or partially successful cyber intrusions and attacks include:
  o Network hardening
  o Moving toward more automation via continuous monitoring
19. DoD CIO
DoD Mobility Strategy
• DoD Mobile Device Strategy, Jun 2012
• DoD CMD Implementation Plan, Feb 2013
• Mobility STIGs (iOS, Android, BB), May 2013
• Commercial Classified Solution (Secret), May 2013
• DISA MDM/MAS award, Jun 2013
• Defense Enterprise Email, Sept 2013
• DoD Enterprise MDM and Mobile App Storefront, Dec 2013
• Commercial Classified Solution (Top Secret), May 2013
• Modified CMD Security Approval Process, July 2014
• SME PED end-of-life, Dec 2014
20. DoD CIO
DoD Mobility Strategy & Implementation Plan
[Figure: roadmap of the DoD Mobility Strategy across FY13, FY14, FY15 - 17 and FY17 - Beyond, leading to an Enterprise Solution]
Labels shown on the figure:
• Mobile Device Policies and Standards
• Promote the development and Use of DoD Mobile & Web-Enabled Apps
• Enterprise Mobility services for Classified & Unclassified capabilities
• Information Enterprise Infrastructure to support Mobile Devices
• NEW SPEC
• MAM
• MAS
• MDM
• Business Case Analysis
• CAC/PIV 2012 Integration
• MDM/MAS Award
• BYOD TBD
• Expedite Approval Process
• CMD Pilot Consolidation
• DoDI 8100.02
• Mobility Gateways FY13-14
• DoD CIO Consolidation Plan
• Phase-out SME PED
• Federal Digital Strategies
• New Classified Capability
• Federal Standards
• Primary Communication for ROUTINE DoD Users is Wireless
• Technology Insertion
Acronym Key
BCA – Business Case Analysis
BYOD – Bring Your Own Device
CMD – Commercial Mobile Device
DoDI – DoD Instruction
MAM – Mobile Application Management
MAS – Mobile Application Store
MDM – Mobile Device Management
MILDEP – Military Department
PIV – Personal Identity Verification
SME PED – Secure Mobile Environment Portable Electronic Device
21. DoD CIO
Challenge: Rapidly Changing Spectrum Use
[Figure: spectrum use shown as "Increasingly Contested & Congested", with areas labelled Battlefield, Training/Testing, Wireless Industry, Mobile International Coalition]
• Constraining Regulatory Environment
• Cyber warfare
• Mobility Strategy
• More unmanned systems
• More powerful radars to combat stealthier threats
• Increasing data rates
• Connectivity to lower echelons
• Repurposing/Spectrum Sharing
• Auctions of Federal spectrum in US
• Reallocation of military spectrum in host nations
• Jamming
• Exponential increase in wireless devices worldwide
DoD’s exclusive access to spectrum WILL BE reduced and challenged – in US and overseas spectrum sharing and co-use is a certainty
22. DoD CIO
Response: DoD Electromagnetic Spectrum Strategy
Vision: Spectrum access when and where needed to achieve mission success
Spectrum Dependent Systems
Goal 1: Increase efficiency, flexibility, and adaptability
• Expedite development of spectrum efficient and flexible technologies
• Accelerate sharing technologies
• Adopt commercial services where feasible
• Strengthen enterprise oversight
Spectrum Operations
Goal 2: Increase agility
• Develop near real-time spectrum operations
• Advance ability to mitigate interference
• Modify policy, regulation and standards to allow agile spectrum operations
Spectrum Regulation and Policy
Goal 3: Sharpen responsiveness
• Reform DoD’s ability to assess regulatory/policy proposals
• Expand DoD participation in regulatory/policy discussions
• Institutionalize DoD’s ability to adapt to regulatory/policy changes
• A paradigm shift - Improvements to spectrum management and spectrum efficiency are necessary, but not sufficient - spectrum access through sharing is required to increase DoD’s spectrum access opportunities
• Advancements in technology and associated policy/regulations are needed
• Required for success: Collaboration/partnerships AND Leadership/Accountability
Working toward “win-win” for DoD, other federal users, and the wireless industry
23. DoD CIO
How can you Help?
• Ask hard questions…propose answers in the context of our problem set
• Leverage your best and brightest
• Help us find lasting, innovative solutions
• Be part of our success
Collaboration – Key to conquering our challenges