Robert J. Carey
Principal Deputy Chief Information Officer, Department of Defense
4 April 2012
Agenda
Context
DoD FY13 budget
A Challenge
The warfighter expects and deserves secure access to information from any device, anywhere, anytime
"The U.S. joint force will be smaller, and it will be leaner. But its great strength will be that it will be more agile, more flexible, ready to deploy quickly, innovative, and technologically advanced. That is the force for the future."
Secretary Panetta
Defense Security Review, 5 Jan 12
IT Systems
Total IT Budget: > $37 Billion in FY13; > $20.8 Billion in IT Infrastructure; > $3.4 Billion for Cyber Security
Mobile devices: ~250,000 Blackberries; ~5000 iOS Systems (Pilots); ~3000 Android Systems (Pilots)
Unparalleled size, scope, diversity and complexity
| Service | Infrastructure | Non-Infrastructure | Total |
|---|---|---|---|
| Army | 5,708.255 | 4,090.545 | 9,798.800 |
| Navy | 4,749.012 | 2,730.733 | 7,479.745 |
| Air Force | 2,955.047 | 3,243.993 | 6,199.040 |
| DISA | 4,584.421 | 886.400 | 5,470.821 |
| DefWide | 2,776.042 | 5,274.285 | 8,050.327 |
| Total | 20,772.777 | 16,225.956 | 36,998.733 |
[Chart: DoD TOA and IT Budget, FY01 to FY17 (dollars in billions)]
Source: DoD TOA: FY13 Future Year Defense Plan (FYDP); IT Budget: FY13 IT President's Budget Submission (SNaP-IT)
Hundreds of suboptimal data centers and networks incur unnecessary costs
IT Programs average 81 Months*
Cannot rapidly and efficiently field new technology to meet warfighter needs
Stovepipes to Enterprise
From:
Unique, Local, Proprietary, Huge, Inaccessible, Disparate, Cylinders of Excellence, Vulnerable, Slow
To:
Common, Global, Open, Modular, Interoperable, Homogeneous, Standardized, Secure, Agile/Innovative
The only way to transform is to demand the level of standardization and commonality required to work together
Efficiency
Reduce duplication in the DoD IT Infrastructure, and deliver significant efficiencies across the Department
Cyber Security
Improve the security of DoD networks and information from all threats
Consolidate infrastructure to better operate and defend
DoD IT Modernization
FY12
Consolidate Data Centers
Network Optimization
Consolidated Network Ops Centers
Replace legacy phone switches
Reduce reliance on PCs
Consolidate H/W and S/W Procurement
Reduce duplicative IT staff
Purchase Green IT to reduce energy use
Plan of Action & Milestones (POA&M) Rough Order of Magnitude (ROM): TBD Desktop PCs Multiple Contracts
90 360 days
~FY17
~800 Duplicative 65
$37B
$????
Service Consolidation
The ITESR will consolidate computing services into three types of facilities
Enterprise Computing Center (ECC)
Complies with enterprise-level standards and hosts applications from any DoD component based on service-level agreements
Demand for Computing Capacity
[Charts: Demand; Commercial Opportunities (axes: Compute Capacity, Time)]
At some point, demand will surpass existing capacity of DoD floor space
Commercial facilities and new modular data centers may prove more advantageous than investing in older, less efficient DoD Data Centers
Strengthen Governance to Improve Effectiveness of Enterprise Architecture
Clinger-Cohen Act Compliance and interoperability achieved via CIO participation in Milestone Reviews
Transition from document-based process to one supporting IT investment decisions
Deployed Environment
Computing, Mission Applications, Data
Enterprise Information Environment
APEX, Navy ERP, AT21, DCO, AFATDS
Computing
Close Combat TM, iEHR, Enterprise Email, Defense Travel, Airman Fundamentals
Data
Applications
Enterprise Information Environment
Home, Work, ??, Future devices
DoD must change
Deployed Environment
Mission Applications, Computing, Data
Enterprise Information Environment
Computing
Close Combat TM, iEHR, Enterprise Email, Defense Travel, Airman Fundamentals
Data
Applications
Enterprise Information Environment
Home, Work, Mobile (TDY/Deploy), ??, Future devices
Access at the point of need
COCOM User
Service/Agency User
ISAF/Coalition User
Our Approach
Build Joint Information Enterprise Architecture; ruthlessly enforce during budget process
Produce milestones to drive implementation
Separate server computing from end-user computing; data-centric security
Optimize support software
Provide common applications and migrate into standardized environment
Codified in the DoD IT Enterprise Strategy and Roadmap
Improved user satisfaction and mission success
Improved security to reduce cyber threats
Decision agility to meet warfighter needs
Cyber Security
We are increasingly vulnerable as new technologies emerge
Threat is indirect and multifaceted
Advanced persistent threat (APT)
Current environment is indefensible
Reduce complexity and scope to be more defensible
Reduce attack surface
Cyber security vulnerabilities threaten to exploit classified information and endanger mission success
It is up to us to find opportunities
Each capability is achieved through a set of roadmap task areas related to policy, governance, and technical implementation
Near-term outcome for the DoD IT Enterprise Strategy and Roadmap (ITESR): create the core IdAM infrastructure to provide the common foundation for these capabilities
Mobility: Innovation
DoD will leverage commercial innovation
Win7 tablet with integrated smart card reader
Approved iOS 5 ISCG will provide limited use of iOS 5 devices
Approved only for non-sensitive use case
Use Cases
Publicly releasable information
128 Bit AES Suite B/Type 1; FIPS 140-2 L2; TEMPEST; Anti-tamper
256 Bit AES Suite B/Type 1; FIPS 140-2 L3; TEMPEST; Anti-tamper
Transport
Validated Apps; Application Authorization; Centralized App Store; Interoperable access; Redundancy; Cross-domain support; Priority Access; Gateway(s) to C2 Networks; Ruggedized device; Delay-tolerant networking; SAASM; TRANSEC; Anti-Jam; Spectrum Interoperability; Phase of conflict; Removal of fixed infrastructure vulnerability
Executive
Tactical Support
iOS
Confidentiality, Availability, Integrity
Risk
Risk Mitigating Capabilities
1.) Mobile Device Management
2.) Encrypted Data in Transit
3.) Encrypted Data at Rest
4.) PKI/Mutual Authentication
5.) Auditing/Logging
Loss of Device: Data recovered by unauthorized party
Passive Data Collection: Eavesdropping (data or voice); Collection over the air; Collection over the network
Active Data Collection: Vulnerable App; Theft of Credentials; Malware; Tracking
Theft/Misuse of Services: Loss/Theft of Device; Theft of Services; Abuse of Services
Data in Transit: On-the-fly manipulation; Masqueraded service
Data on Host: Software; Hardware
Data on Service: Data recovered by unauthorized party
Jamming: GPS; Mobile Carrier; WiFi
Denial of Service: Malware; Mobile Code; Vulnerable Apps; Vulnerable OS; Flooding
Loss of Data: Unintentional Loss; Malware
STIG Approval / Risk Threshold
WinMobile w/GOOD, Win7 Tablet PC, BlackBerry, SME PED
1. Application store to support the secure provisioning and distribution of vetted applications to DoD users
2. Training for DoD general users and senior officials
3. DoD Internet proxy service
Questions?
Robert J. Carey
Principal Deputy Chief Information Officer, Department of Defense
Robert.carey@osd.mil
Blackberry pictures
10 Feb (Delivered), 29 Feb (Delivered), Mar, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, Dec*
Army: 31500 (Delivered), 14500 (Delivered), 40000 (Delivered), 40000, 32500, 15500
Navy: 5000, 10500, 22500, 22500, 22500, 22500, 22500, 22500, 150500, 22500, 173000
Air Force: 9000, 20000, 22500, 22500, 22500, 22500, 22500, 22500, 164000, 22500, 186500
Marine Corps: 2500, 2500, 2500, 2500, 2500, 2500, 2500, 2500, 20000, 2500, 22500
Agencies: 0 (Delivered), 0 (Delivered), 0 (Delivered), 1000, 1500, 2500, 2500, 2500, 2500, 2500, 2500, 17500, 2500, 20000
Total: 31500, 14500, 40000, 40000, 50000, 50000, 50000, 50000, 50000, 50000, 50000, 50000, 526000, 50000*, 576000
*December deliveries will be procured with FY13 Procurement funds.
After February 2012, token deliveries will be made on the last business day of the month.
SIPRNet Tokens Received
109,105 16,500 10,887 15,000 800 7,610 3,000 50 100 900 500 705 5,470
SIPRNet Tokens Enrolled/Issued
27,583 4,467 5,794 6,211 548 2,958 712 46 1 356 0 19 3,504 6,897 484 44
*Issuing organization not currently identified in the Token Management System
[Chart: Total Formatted and Issued; dates shown: 2/3/12 to 3/23/12]
[Chart: Data Centers over Time; labels: ~100; 2014, 2016, ~2018]