iGouge


Tag Archives: cybersecurity

April 5, 2011 · admin

iPads in the cockpit

It was discussed today at the AFCEA C4I conference that the Navy is close to signing the Interim Authority to Operate (IATO) to put iPads in the cockpit of F-18s for mapping/charting.

A great step in innovative thinking.

Edit on 4/13

I found out this week from that the USMC is leading this effort.

Posted in Gouge | Tags: C4I, cybersecurity, iPad | 1 Comment
March 15, 2011 · admin

Past NMCI Information Assurance Projects

The following is a list of NMCI IA projects performed by the NMCI IA team:

NMCI Command and Control COI

Developed a solution baseline for deployment of a command and control architecture to support the implementation of the Naval Maritime Operations Centers (MOC) on NMCI. Worked extensively with the customer to develop a comprehensive set of requirements. Developed a security construct to ensure both the MOC and NMCI remain secure. Specific requirements called for deployment of a second connection for redundancy and diversity, which introduced unique security issues. The baseline was then tailored for each deployment, as the physical constructs at each base required certain modifications.

NMCI Boundary 1 Firewall Upgrade

Refreshed the main Boundary 1 instances with newer technologies, which allowed the enterprise to reduce its hardware footprint from 16 firewalls down to 4 firewalls per instance. The firewalls process approximately 4 TB of data daily.

NMCI Application Layer Firewall project

Lead engineers on the RFI to select a new firewall for the enterprise. Developed the requirements and testing procedures, conducted the testing, and developed the recommendations for the selection of the firewalls to be used within the enterprise.

NMCI Network Access Control (NAC)

Developed the solution to introduce network access control within NMCI. Worked extensively with the vendor to ensure that the product would align with the Government Security Technical Implementation Guides (government security requirements). The solution consisted of an agentless deployment that needed to move computers to multiple VLANs depending on the configurations of the machines.

NMCI Load Balancer

Developed a hardware load balancing solution to ensure multiple hardware firewalls could be supported transparently. Load balancing was required to take actions on multiple conditions, such as application type, IP address (destination and/or source), and network load.

NMCI IPS solution

Engineered a solution for the protection of critical infrastructure. Worked with the vendor to ensure the product was developed in accordance with Government STIGs; multiple product updates were necessary. Implemented the solution to protect the DMZ, boundary 1 – 3, and server farms. The solution was developed to be modular enough to support future initiatives.

NMCI HBSS Integration

The Government selected the McAfee ePO system for host-based protection (Host IPS, firewall, asset manager, and central reporting/management). Led the integration effort to ensure a large deployment of the solution. Communicated and consulted extensively with the vendor to ensure proper deployment within the large enterprise. Currently, NMCI is one of the largest deployments of the product.

NMCI VPN Enterprise Routing

Served as the technical lead in updating the enterprise VPN mesh to allow for dynamic routing. The solution consists of updating the routing infrastructure across the enterprise, updating the software on the VPN, and updating devices to share routes. The solution allows for dynamic failover capabilities across the enterprise.

NMCI Classified RAS

Acted as Information Assurance technical lead.

Responsible for IA component architecture and engineering documents.

Router Security Policy

Responsible for authoring Outer and Inner Router Security Policies to include best practices, and ACL policy.

Boundary One and Two Firewall Ruleset

Maintained Enterprise Rulesets.

Responsible for developing rules and processing customer defined requirements.

Solaris and Linux Hardening

Responsible for authoring Enterprise Solaris and Linux Hardening Scripts

NCIS Community of Interest and DMZ

Acted as project technical authority.

Responsible for solution requirements, network and IA design.

Responsible for SSL VPN development

Boundary 3 Enterprise COIs

Responsible for IA component architecture and engineering documents.

Responsible for Risk Assessments.

NMCI Account Auditing

Acted as Information Assurance technical lead.

Responsible for implementation planning and government reporting

NMCI Naval Network Identity VPN Solution

Responsible for authoring Extranet VPN engineering documentation.

Secure Web Access Boundary

Responsible for developing engineering documents to support NMCI Outlook Web Access, and all other SSL inbound services

Enterprise VPN upgrade

Responsible for engineering upgrade documents for over 380 remote sites

MARCIRT/NAVCIRT IDS Data Feeds

Authored engineering documents to support NMCI IDS data feeds to NAVCIRT and MARCIRT

Outer Device Network Management/Inner Device Network Management

Responsible for IA component architecture and engineering documents.

NMCI COMNAVSPECWAR VPN solution

Responsible for VPN architecture to facilitate customer NIPRNET transport

Netscreen Global Pro Management

Responsible for driving feature requests with the vendor to support PKI initiatives and custom NMCI scalability requirements

EDS Order to Cash System

Responsible for IA component architecture and engineering documents for VPN tunnels to prime customer.

HP/EDS Voice over IP (VoIP) Trunking Project

Responsible for engineering upgrade documents to support EDS VoIP project.

Very Small Site Design (VSSD) Solution

Authored IA architecture and engineering documents to support VSSD design and implementation.

VCNO Desktop Firewall Project

Responsible for IA component architecture and engineering documents.

IA Consolidated Event DataBase

Responsible for pilot implementation and solution testing.

SupportSoft HelpDesk Application

Responsible for consulting with Vendors on SupportSoft IA requirements

Red Team Reviews

IA voting member of an architectural review board for new business proposals

Application Layer Proxy Firewalls

Subject matter expert for all current and new solutions utilizing application layer proxying firewalls. This includes engineering a variety of boundary architectures including options for high availability, DMZs, VPNs, SSL, routing, load balancing, enterprise management, application delivery and inspection, etc.

Load Balancing and Application Delivery

Subject matter expert for all current and new solutions requiring load balancing and application delivery. This includes firewall and server/client load balancing, high availability, enterprise management, complex delivery solutions utilizing NAT/PAT, and various hardware platforms.

Certification and Accreditation

In-depth C&A for solution architecture, policy, and devices. This includes vulnerability assessments and penetration testing, mapping to DoD policy requirements/STIGs, implementation and test plans, network and system testing.

Network and System Testing

Involved in network and system testing and vendor selection, including RFPs, equipment evaluation and configuration, IP and load testing, application testing, etc.

Posted in Cybersecurity | Tags: architecture, cybersecurity, diacap, firewall, vpn
March 4, 2011 · admin

Enterprise Security Services- A quick summary

Enterprise Security Services – Ahead of the Curve  

For most organizations, enterprise security is a top-level critical concern. While threats continue to escalate throughout business and government, the complexity of security breach strategies is evolving at an exponential rate. Considering new government confidentiality regulations (e.g., HIPAA) and increased employee mobility, security issues are now a top priority in every organization.

So now, more than ever, moving from simple security detection to comprehensive security prevention is absolutely mission-critical.

Information assurance

From defense-in-depth security initiatives for the federal government to small business security solutions, our cybersecurity team understands every aspect of security assessment, policy, and technology. With information assurance as a primary practice, we understand that the solution needs to fit the problem. That’s why we start with a risk assessment to make sure every aspect of information assurance is fully documented and addressed.

The task of choosing the right technologies for the right price can be daunting. Anti-virus solutions, firewalls, PKI systems, VPNs, and intrusion prevention systems (IPS) are important components that need to be considered and utilized based on specific risk tolerance levels. iGouge Cybersecurity implements best-of-breed tools and technologies that address your company’s specific needs based on size and the value of your data. We offer the most advanced technology and most sophisticated technology expertise.

From design to deployment to proactive monitoring, we save our clients from costly and devastating security breaches.

Risk assessment

· Penetration testing: iGouge Cybersecurity provides zero-knowledge to full-disclosure penetration testing, abiding by a stringent rules-of-engagement methodology that avoids impacting or disrupting your business. Our findings are developed into a deliverable document with well-defined matrices mapping vulnerabilities to mitigations.

· Risk assessments: We leverage existing standards to include ISO-17799/BS-7799 and GLBA to review all existing security safeguards. This includes security policies and procedures, security architecture, configurations, change management controls and processes, and security design. We can determine mitigation strategies and residual risks.

Enterprise protection

· Policies, standards, guidelines: iGouge Cybersecurity works with customers to develop IT security policies that support ongoing and future business needs. We generate plans for instituting, maintaining, and operating an information security office.

· User education: Developing user awareness programs helps employees understand basic, sound security practices. Periodic sessions can include monthly visits to customer sites to highlight new threats and reinforce critical security procedures.

· Incident response: We educate your staff on security incident procedures including triage plans and forensic evidence gathering techniques.

· Perimeter security: iGouge Cybersecurity can plan, design, and implement perimeter solutions to include firewalls, access control lists, intrusion detection, load balancing, VPNs, and DMZs.

· Managed services: iGouge Cybersecurity can remotely monitor all systems security. Periodic updates are provided including detailed information regarding security policy changes, pro-active measures taken to counter new threats, and any security incidents. Emergency response liaison procedures can be developed to address critical incidents.

Posted in Cybersecurity | Tags: architecture, cybersecurity
March 1, 2011 · admin

Who is iGouge Cybersecurity?

iGouge’s key personnel were involved in the founding and growth of RL Phillips Inc, a small business that provided the following information assurance services:

  • EDS and the buildout of the information security architecture for the largest intranet in the world with over 400,000 users. RL Phillips IA engineers have helped design, test, and buildout several IA solutions.
  • Certification and Accreditation of several DOD systems. The IA Practice is fully qualified in DITSCAP and DIACAP processes and has worked several C&A activities.
  • AT&T- The IA practice was part of the AT&T team at the Navy’s Information Operations Center in Norfolk, VA
  • Booz Allen and Hamilton- TechTeam provides IA engineering to the USMC C&A/IA team in Quantico, VA.
  • PEO C4I. was involved in the overall security evaluation of current Microsoft Windows operating systems being used in key Navy C4I programs.
  • Provide IV&V to a leading HAIPE security product development team.

Posted in Cybersecurity | Tags: C&A, cybersecurity, NMCI
March 6, 2008 · admin

DHS Cybersecurity- from Washington Technology

Chertoff asks for patience on cybersecurity

By Alice Lipowicz

Federal civilian agencies need to work together more closely to coordinate their information technology network surveillance as part of the White House’s major new cybersecurity initiative, Homeland Security Department Secretary Michael Chertoff said yesterday.
The full cybersecurity strategy will not be completed this year, Chertoff said.

“We are beginning our cyberstrategy,” he said. “That will not be done this year, but I’m hoping we can get it, a cyber center, up and running, and have a full set of plans and a funding budget to move forward over the next several years to get to the next level of cybersecurity.”
Chertoff, who released a statement after speaking with bloggers yesterday, provided details on President Bush’s classified governmentwide cyber initiative that is estimated to cost multiple billions of dollars.

The federal government is “nibbling at the edges” of cybersecurity and needs to have a “game-changing approach,” Chertoff said. “And part of that game-changing approach is to rationalize what we’re doing in the federal domain, and get better control of what enters the federal domain so we can determine whether it’s a threat or not.”
“So I think the minimal thing we need to do is get our own house in order, federally. And that means herding all the different cats of the executive branch agencies into a kind of a single pen where we can have some capability of detecting what’s coming in and out of the federal domain,” Chertoff said.

Even DHS has shortcomings in cybersecurity. The department’s component agencies operate their own cybersecurity programs. “Not all of them have the same level of capabilities…they don’t have emergency watches up 24/7,” Chertoff said.
DHS’ “Einstein” program already performs IT network surveillance at the department, but it is not enough. “For a number of reasons, it’s not as capable as it could be,” Chertoff said.

Posted in Cybersecurity | Tags: cybersecurity
March 1, 2008 · admin

Value Propositions during Market Downturn

In preparation for an interview with an editor at GCN, I received some input from some of my current and former co-workers.

The main question was, “What technologies, solutions, or services will the government client still procure during a market downturn?” (as most folks in the DOD/Government market believe the post-9/11 upswing is leveling out).

Jim P’s initial thoughts:

One new area that I am seeing is what I will term the “End of Life” quagmire. The government market (especially DOD programs) has always had long development and production life-cycles. I remember working on the ASPRO (associative/parallel processor) at Goodyear Aerospace in 1986. This tiny, mil-spec computer (at $1M/unit) was initially designed in the early 1980s and still is flying in the E-2C in 2008. Sales cycles of 2-4 years are common in DOD. Ship C4I installations are done in 6-12 month increments (based on battle group deployment schedules/overhauls/etc.)

Program managers could always delay technology upgrades to reduce risk. I remember early GCCS staying on HPUX 8.0. Also a PM could perform his 2-3 year duty without any risk of doing a technology upgrade. In fact, some systems took 4-6 years to develop. Then came the internet revolution and the flattening of the world (or Globalization 3.0). The government is now using commercial based solutions and products, but not fully understanding the impact of the shorter technology refresh cycle and how it conflicts with the longer government lifecycle.

Some recent examples:

  • Windows NT end of life- the Navy still had ships in the fleet with Windows NT based systems. Microsoft did not bend on extending the EOL for NT. The Navy had to upgrade to 2000.
  • Networking equipment- Cisco, Juniper and several vendors are not investing in long support periods for older equipment (they need a reason to get you to upgrade every 2 years!).
  • Updating of security policies. As the government becomes more aware of security issues in their legacy networks, they are forced (due to policy) to upgrade their equipment or the vendor has a very justified reason to force the End of Life story (security is always a hard one to fight).

Time to go to bed and turn off my PC running OS2!

more below…..

From a very intelligent co-worker (with an emphasis on security/IA related items):

Data/Information Protection:

- Data at Rest – With mobility continuing to expand, securing those mobile assets is a necessity. Difficulties revolve around how to manage the policies necessary to manage the protection on those assets. For years we have been focusing on securing the data in transit and not addressing the data while it is on the mobile asset. While agencies should focus on both mobile and stationary assets, initial focus needs to be the mobile assets.
- Data Leakage – Agencies need to focus on sensitive data leaving the trusted agency network. Difficulties are that there is a lot of information already out there that is not identified as sensitive information. That challenge should not deter an agency from starting a Data Leakage Prevention effort. Another challenge in this area is that more and more communications are secure from the client to the destination; there needs to be a solution that can inspect that package for sensitive information.

Web Security:

- Tiered Application Security – Continued focus on Web application security. With the continued focus on Web applications, agencies need to continue to focus on securing those applications, communications, and the sharing of information.
- Back-end Data Security – Enhancements on the security of the data behind the web front ends. Agencies will need to focus on database security to ensure that their data remains safe from exploit and in turn safeguarding sensitive data.

Security Information/Event Management:

- Agencies have a lot of security products deployed and all of them generate alerts. SIM/SEM can be tuned to gather the alerts and only deliver the events requiring actions thus providing opportunities to reduce hours spent evaluating all of the different management systems.

Training:

- There is always room for training.

Posted in Cybersecurity, Gouge | Tags: cybersecurity, Program Mgmt, Strategy, Training