
Innovation to Achieve the DoD Joint Information Environment

Robert J. Carey
Principal Deputy Chief Information Officer
Department of Defense
4 April 2012

Agenda
Context
DoD FY13 budget
IT Enterprise Strategy and Roadmap
Joint Information Environment
Cyber security
Mobility

IT is Central to the DoD Mission

A Challenge

The warfighter expects and deserves secure access to information from any device, anywhere, anytime

and this is HOW & WHERE we fight


POTUS: DoD will be Agile

Our military will be leaner, but the world must know the United States is going to maintain our military superiority with armed forces that are agile, flexible and ready for the full range of contingencies and threats.
President Obama

The U.S. joint force will be smaller, and it will be leaner. But its great strength will be that it will be more agile, more flexible, ready to deploy quickly, innovative, and technologically advanced. That is the force for the future.
Secretary Panetta
Defense Security Review, 5 Jan 12

DoD's Cyber Footprint: How Big?

DoD IT User Base
~1.4 million active duty
~750,000 civilian personnel
~1.1 million National Guard and Reserve
5.5+ million family members and military retirees

IT Systems
>>10,000 operational systems (20% mission critical)
~800 data centers
~65,000 servers
~7+ million computers and IT devices

146+ countries
6,000+ locations
600,000+ buildings and structures

Thousands of networks/enclaves
Thousands of email servers, firewalls, proxy servers, etc.

Mobile devices
~250,000 Blackberries
~5000 iOS Systems (Pilots)
~3000 Android Systems (Pilots)

Total IT Budget
> $37 Billion in FY13
> $20.8 Billion in IT Infrastructure
> $3.4 Billion for Cyber Security

Unparalleled size, scope, diversity and complexity

FY13 IT President's Budget Estimates

Total DoD IT Budget ~$37.0 Billion
Non-Infrastructure (Systems Acquisition): $16.2 Billion (44%)
Infrastructure: $20.8 Billion (56%)

DoD IT Infrastructure Budget $20.8 Billion
Infrastructure Supt: $1.1 Billion (5%)
Battle space Networks: $4.4 Billion (21%)
Information Management: $7.5 Billion (36%)
Infrastructure Maintenance: $7.8 Billion (37%)

Total DoD Budget: ~$525 B
IT Budget Remains ~7%

(dollars in millions)

Service     Infrastructure   Non-Infrastructure   Total
Army        5,708.255        4,090.545            9,798.800
Navy        4,749.012        2,730.733            7,479.745
Air Force   2,955.047        3,243.993            6,199.040
DISA        4,584.421        886.400              5,470.821
DefWide     2,776.042        5,274.285            8,050.327
Total       20,772.777       16,225.956           36,998.733

DoD Cyber Budget: ~$3.4 Billion

FY13 President's Budget Estimates

(dollars in billions)

FY     DoD TOA   IT Budget   IT as a % of TOA
FY01   307.1     22.9        7%
FY02   355.3     24.1        7%
FY03   433.0     27.3        6%
FY04   456.3     28.5        6%
FY05   502.7     31.7        6%
FY06   536.4     34.1        6%
FY07   604.5     34.4        6%
FY08   669.3     37.0        6%
FY09   665.9     37.3        6%
FY10   691.8     37.8        5%
FY11   689.1     38.7        6%
FY12   649.6     37.5        6%
FY13   526.0     37.0        7%
FY14   533.5     36.5        7%
FY15   545.9     36.5        7%
FY16   555.9     35.4        6%
FY17   567.3     34.2        6%

Source: DoD TOA: FY13 Future Year Defense Plan (FYDP); IT Budget: FY13 IT President's Budget Submission (SNaP-IT)

Current DoD IT Environment

Hundreds of suboptimal data centers and networks incur unnecessary costs

Limited interoperability reduces information sharing and collaboration on mission threats

Increasing demand for new technology on rapidly evolving devices

IT Programs average 81 Months*
Cannot rapidly and efficiently field new technology to meet warfighter needs

Cyber security vulnerabilities threaten to exploit classified information and endanger our national security

Current IT delivery process hinders our ability to take advantage of new commercial technology

* Source: Defense Science Board

Stovepipes to Enterprise
From:
Unique, Local, Proprietary, Huge, Inaccessible, Disparate, Cylinders of Excellence, Vulnerable, Slow

To:
Common, Global, Open, Modular, Interoperable, Homogeneous, Standardized, Secure, Agile/Innovative

The only way to transform is to demand the level of standardization and commonality required to work together

DoD IT Enterprise Strategy and Roadmap


Effectiveness
Improve mission effectiveness and combat power throughout the Department

Efficiency
Reduce duplication in the DoD IT Infrastructure, and deliver significant efficiencies across the Department

Cyber Security
Improve the security of DoD networks and information from all threats

Consolidate infrastructure to better operate and defend

Audience for the ITESR


OSD, MILDEPs, DISA, NSA, COCOMs, USCYBERCOM, Industry partners, Congress

Enablers: Big Rocks


Common Architecture
DoD Top Level Architecture Implementation Guidance

Common Identity Management and Attribute-based Access Control


Authentication, Identity, Attributes, Authorization/Enforcement, Audit
DoD Data Authentication and Tagging

Common Enterprise Services Approach

DoD Foundation, Common and Shared Mission Services
DoD Core, Regional, Installation, and Deployable Data Centers

Common / Single DoD Governance Framework

Financial Planning and Execution Development Configuration Management Standard Operating Procedures Compliance

ITESR Initiative Areas

Network services: services (including hardware, software and labor) that provide communications
Computing services: services that process, store and access information
Application and data services: common shared applications, services and processes
End-user services: services that enable end users to access information locally, via the network
IT business processes: processes used to procure hardware, software and services needed to operate and maintain the DoD IT infrastructure

DoD IT Modernization
FY12
Consolidate Data Centers
Network Optimization
Consolidated Network Ops Centers
Replace legacy phone switches
Reduce reliance on PCs
Consolidate H/W and S/W Procurement
Reduce duplicative IT staff
Purchase Green IT to reduce energy use
Plan of Action & Milestones (POA&M) Rough Order of Magnitude (ROM): TBD
Desktop PCs
Multiple Contracts
90 360 days

~FY17

~800 Duplicative 65

<100 Federated/Enterprise 25 Unified Communications Client-Based Technology Enterprise Contracts


10 60 days

Bottom Line: DoD IT Annual Budget

$37B

$????

Establish Common IT Infrastructure


Standardize and Optimize Enterprise Networks
Consolidate data centers
Consolidate operations and management of network infrastructure
Integrate and capitalize test and integration centers
Consolidate end-user services (email, collaboration)

Create Cloud Strategies and Standards
Develop DoD strategy for moving to the cloud
Migrate services to private or public clouds

Standardize Hardware and Software Platforms
Develop standard DoD platform and governance
Mandate new programs, use standard platforms
Transition ongoing programs to standard platforms

Service Consolidation
The ITESR will consolidate computing services into three types of facilities
Enterprise Computing Center (ECC)
Complies with enterprise-level standards and hosts applications from any DoD component based on service-level agreements

Area/Regional Processing Center (A/RPC)

DoD collaborates with COCOMs to designate A/RPCs to host systems with either a primary or back-up instantiation in a particular location for technical, operational or financial reasons

Installation Processing Center (IPC)

An installation may utilize an IPC to host systems with a local instantiation for technical, operational or financial reasons

Additional Cloud Computing Capacity


[Charts: Data Centers (numbers over time); Physical Servers (numbers over time); Demand for Computing Capacity (demand over time); Commercial Opportunities (compute capacity over time)]

Compute capacity increasing through: increasing CPU utilization, virtualization, Moore's Law and application reconciliation

At some point, demand will surpass existing capacity of DoD floor space
Commercial facilities and new modular data centers may prove more advantageous than investing in older, less efficient DoD Data Centers

DoD CIO Will Align IT Processes and Policies


Leverage Commodity Purchasing
Implement strategic sourcing for commodity IT
Establish DoD Commodity Council

Strengthen Cybersecurity
Integrate security and operations management
Leverage automated tools
Mandate DoD-wide C&A reciprocity

Strengthen Governance to Improve Effectiveness of Enterprise Architecture
Clinger-Cohen Act Compliance and interoperability achieved via CIO participation in Milestone Reviews
Transition from document-based process to one supporting IT investment decisions

The Way Ahead

Afford secure access to information for the warfighter from any device
Consolidate/standardize elements of networks to more effectively defend them and confront threats with agile information sharing
Embed policies, procedures, oversight, and culture that enable info sharing
Leverage extensive and unprecedented capabilities afforded by the Information Age
Partner with industry to deliver national security in cyber space

We are creating access from any device, anywhere, anytime

Joint Information Enterprise End State


[Diagram, From This / To This. Labels: Coalition Forces; Deployed Environment; Computing; Mission Applications; Data; Enterprise Information Environment; APEX; Navy ERP; AT21; DCO; AFATDS; Close Combat TM; iEHR; Enterprise Email; Airman Fundamentals; Defense Travel; Applications; Home; Work; Mobile (TDY/Deploy); ?? Future devices]

DoD must change

Joint Information Enterprise End State


Defensibility/Redundancy/Resiliency
Federation/Shared Infrastructure
Enterprise Services
Identity Access Management
Cost: ????

[Diagram labels: Coalition Forces; Deployed Environment; Mission Applications; Computing; Data; Enterprise Information Environment; APEX; Navy ERP; AT21; DCO; AFATDS; Close Combat TM; iEHR; Enterprise Email; Defense Travel; Airman Fundamentals; Applications; Home; Work; Mobile (TDY/Deploy); ?? Future devices]

Access at the point of need

Future Security State

[Diagram labels: COCOM User; Service/Agency User; ISAF/Coalition User]

Data Tagged and Wrapped
Identity Access Management
Federated/Enterprise Network
Enables C2 Cyber Ops

Our Approach
Build Joint Information Enterprise Architecture; ruthlessly enforce during budget process
Produce milestones to drive implementation

Optimize information, networks, and hardware

Application normalization, standardization and rationalization
Data Center Consolidation
Security Architecture standardization and optimization

Separate server computing from end-user computing
Data centric security
Optimize support software
Provide common applications and migrate into standardized environment

Codified in the DoD IT Enterprise Strategy and Roadmap

Future DoD IT Environment

Reduced costs for data centers and applications

Improved interoperability for better coordination and collaboration

Improved user satisfaction and mission success

Faster, more responsive capability deliveries to Warfighters

Improved security to reduce cyber threats

Faster adoption of commercial IT breakthroughs

Realizing the JIE Means

Faster delivery of capability to warfighters
Innovative solutions for warfighters
Improved efficiencies
Secure information capability

Decision agility to meet warfighter needs

Cyber Security
We are increasingly vulnerable as new technologies emerge
Threat is indirect and multifaceted
Advanced persistent threat (APT)

Current environment is indefensible
Reduce complexity and scope to be more defensible
Reduce attack surface
Cyber security vulnerabilities threaten to exploit classified information and endanger mission success

Mobility presents a potential increase in the attack surface
$3.4B investment

Today's Discussion: DoD's Direction

It is up to us to find opportunities

Five Pillar Cyber Strategy Alignment

Treat cyber space as an operational domain
Partnership between NSA, DISA and USCYBERCOM
Train like you fight
Soccer not Football

Employ new defense operating concepts
DoD introducing sensors, software and heuristic features to detect and stop malicious code and actors
HBSS and movement toward continuous monitoring
Act at machine speed vice analyst speed

Partner with public and private sectors
Using DARPA to work with industry
Partnership with DHS to support and defend critical information infrastructure
DIB Information Sharing program

Build international partnerships
Information sharing between the US and NATO
Work with Afghanistan government to rebuild and secure infrastructure

Leverage talent and innovation
Information Assurance Scholarship Program
OSD Science, Technology, Engineering and Math Scholarship Program
Teach the Cyber workforce the soccer aspect of this domain

Identity and Access Management (IdAM)


Enterprise Approach to Core IdAM Functions
Digital Identity, Credentialing, Authorization, Authentication
Balance secure information sharing and insider threat mitigation

Key IdAM Initiatives

PK Enablement (PKE) of SIPRNet underway
Cryptographic logon, system access, data access

Enterprise access control: role and attribute based

Automated account provisioning
DMDC DEERS authoritative database for our Identity and persona

IdAM High-Level Capability Model

Each capability is achieved through a set of roadmap task areas related to policy, governance, and technical implementation
Near-term outcome for the DoD IT Enterprise Strategy and Roadmap (ITESR): create the core IdAM infrastructure to provide the common foundation for these capabilities

Mobility: Innovation


Mobility: DoD CMD Strategy

Vision: Allow the warfighter the power to connect to the information resources they need from any device, at any time, from anywhere in the world
Outcome: The DoD Information Enterprise will enable users to connect, identify themselves, access services, find and share information, and collaborate as needed for the mission at hand.

DoD will leverage commercial innovation

CMD Pilots/Initiatives Summary

Motorola Droid Pro (NSA Fishbowl/TIPSpiral)
Android device for use with Fishbowl (TIPSpiral)
Concept device to provide s/VoIP up to TS

Fujitsu Q550
Win7 tablet with integrated smartcard reader

RIM Playbook
USMC approved use of PlayBook while in BlackBerry bridge mode

Modified iPad1 (SiPad)
Wireless capabilities physically removed from iPad1 to create an e-reader for classified documents

Dell Streak 5 phone (Android STIG)
Dell created a custom Android 2.2 OS to add security capabilities for the development of the Dell Android 2.2 approved ISCG
STIG approved 11/8/2011

Apple iPhone/iPad (iOS 5 ISCG)
Approved iOS 5 ISCG will provide limited use of iOS 5 devices
Approved only for non-sensitive use case

DoD CMD Requirements


Classification Requirements
Non-Enterprise Activated; CUI (U/FOUO); SECRET; TOP SECRET
128-bit AES Encryption; FIPS 140-2 L1
128-bit AES Suite B/Type 1; FIPS 140-2 L2; TEMPEST; Anti-tamper
256-bit AES Suite B/Type 1; FIPS 140-2 L3; TEMPEST; Anti-tamper

The DoD CMD Strategy considers the type of user and the classification of data when deploying a CMD architecture.

Use Cases
Publicly releasable information

Mobile Device Management; No DoD Networks; Network Control
Auditing; Data at Rest/Data in transit encryption; Remote wipe; Strong authentication; CMD peripheral control (Camera/GPS/WiFi/etc.)

Transport
Broadband service; QoS; Low latency; High availability; Robust cellular roaming/persistent connectivity

Enterprise-wide Services; Mission Critical

Application Management; Gateways; Approved Commercial Apps; Application Control
Validated Apps; Application Authorization; Centralized App Store; Interoperable access; Redundancy; Cross domain support; Priority Access; Gateway(s) to C2 Networks; Ruggedized device; Delay tolerant networking; SAASM; TRANSEC; Anti-Jam; Spectrum Interoperability; Phase of conflict; Removal of fixed infrastructure vulnerability

In addition to enterprise-wide requirements, tactical support users require unique hardware, spectrum, infrastructure, and networking requirements.

Executive

Tactical Support

Mobility Risk and Specific CMD Threats


Threats to Enterprise Mobile Devices

[Figure labels: Risk; Confidentiality, Availability, Integrity; STIG Approval / Risk Threshold. Platforms shown: iOS, Android, iOS w/GOOD, Android w/GOOD, WinMobile w/GOOD, Win7 Tablet PC, BlackBerry, SME PED]

Risk Mitigating Capabilities
1.) Mobile Device Management
2.) Encrypted Data in Transit
3.) Encrypted Data at Rest
4.) PKI/Mutual Authentication
5.) Auditing/Logging

Threat labels in the figure: Loss of Device; Data recovered by unauthorized party; Passive Data Collection; Eavesdropping (data or voice); Collection over the air; Collection over the network; Vulnerable App; Theft of Credentials; Active Data Collection; Malware; Tracking; Loss/Theft of Device; Theft/Misuse of Services; Theft of Services; Abuse of Services; On-the-fly manipulation; Data in Transit; Masqueraded service; Software; Data on Host; Hardware; Data on Service; Data recovered by unauthorized party; GPS; Mobile Carrier; Jamming; WiFi; Malware; Mobile Code; Denial of Service; Vulnerable Apps; Vulnerable OS; Flooding; Unintentional Loss; Loss of Data; Malware

Mobility Risk and Specific CMD Threats


iOS5 offers security improvements
Example: Ability to do over-the-air security updates

DSAWG conditions for iOS5 approval
1. Application store to support the secure provisioning and distribution of vetted applications to DoD users
2. Training for DoD general users and senior officials
3. DoD Internet proxy service

[Figure: Threats to Enterprise Mobile Devices, with the same platform, risk mitigating capability and threat labels as on the previous slide]

How Can You Help?

Ask hard questions
Leverage your best and brightest
Help us find lasting, innovative solutions
Be part of our success

Collaboration: Key to conquering the cyber challenge

Questions?
Robert J. Carey
Principal Deputy Chief Information Officer
Department of Defense
Robert.carey@osd.mil

Blackberry pictures

Enterprise Resource Planning Systems

Enterprise Resource Planning systems (ERPs) help the DoD achieve audit readiness

ERP design principles
Traceability of all transactions from source to statement
Ability to recreate a transaction
Documented, repeatable processes and procedures
Compliance with laws, regulations and standards
A control environment sufficient to reduce risk

Additional improvements to Business Enterprise Architecture (BEA)

Orienting BEA around end-to-end processes
Improving usability and implementation of BEA
Improving business system acquisition

CY12 Token Distribution Profile


Delivery                Army     Navy     Air Force   Marine Corps   Agencies   Total
3 Feb (Delivered)       31500    -        -           -              0          31500
10 Feb (Delivered)      14500    -        -           -              0          14500
29 Feb (Delivered)      40000    -        -           -              0          40000
Mar                     40000    -        -           -              -          40000
Apr                     32500    5000     9000        2500           1000       50000
May                     15500    10500    20000       2500           1500       50000
Jun                     -        22500    22500       2500           2500       50000
Jul                     -        22500    22500       2500           2500       50000
Aug                     -        22500    22500       2500           2500       50000
Sep                     -        22500    22500       2500           2500       50000
Oct                     -        22500    22500       2500           2500       50000
Nov                     -        22500    22500       2500           2500       50000
FY12 Funded Subtotal    174000   150500   164000      20000          17500      526000
Dec*                    -        22500    22500       2500           2500       50000*
Total CY12 Delivery     174000   173000   186500      22500          20000      576000

* December deliveries will be procured with FY13 Procurement funds.
After February 2012, token deliveries will be made on the last business day of the month.

(U) SIPRNet Token Issuance

As of 23 March, 59,550 tokens have been enrolled/issued
An additional 28,544 have been formatted

Organizations
USA, USAF, USMC, USN, USCG, DISA, DLA, DODIG, DTRA, JOINT STAFF, NGA, NSA/CYBERCOM, WHS/OSD, Contractor*, Other*

SIPRNet Tokens Received
109,105 16,500 10,887 15,000 800 7,610 3,000 50 100 900 500 705 5,470

SIPRNet Tokens Enrolled/Issued
27,583 4,467 5,794 6,211 548 2,958 712 46 1 356 0 19 3,504 6,897 484 44

* Issuing organization not currently identified in the Token Management System

(U) SIPRNet Token Issuance Statistics


[Chart: Total Issued, Total Tokens Delivered, and Total Formatted and Issued, by week from 12/9/11 to 3/23/12]

As of 23 March 2012

Additional Cloud Capacity: An Exemplar


[Chart: Data Centers over Time (2014, 2016, ~2018), with labels ~800, 400, ~100 and 20% Demand]

Additional Cloud Capacity Required Between 2014 and 2016
