The DoD will continue to consolidate data centers through 2014 as it focuses on strategically located core centers. (JACQUES DEMARTHON/AFP/Getty Images)
Defense Department leaders are well into ambitious efforts to realign and restructure networks and IT under the Joint Information Environment plan. Initially introduced in 2012 as a way to streamline operations and improve information sharing, the once nebulous idea is now taking shape as the future of DoD network IT.
The goal is to standardize military information and security architecture across numerous areas of IT, including software, servers, networks, mobile devices and desktop computers. It involves transitioning to enterprise services, among them DoD’s enterprise email, as well as data center consolidation and the establishment of a single security architecture.
“The standardization and interoperability inherent to the JIE provides an environment that ensures a comprehensive security posture thanks to a better visibility of the enterprise,” said Air Force Col. Daniel Liggins, vice director of the Defense Information Systems Agency’s JIE Implementation Office. “The single security architecture provides a standardization and automation to execute defensive actions and will reduce our cyberattack surface by enabling centralized configuration management.”
The comprehensive effort starts at the highest echelons of the DoD and is designed to reach the most remotely deployed troops.
“Mission success depends upon the ability of our military commanders and civilian leaders to act decisively based on the most timely and accurate data and information,” DoD CIO Teri Takai told lawmakers on the House Armed Services’ subcommittee on intelligence, emerging threats and capabilities. “Unlike the one-size-fits-all networks the department has now, the JIE will provide mission commanders more freedom to take operational risk with the networks since the risks can be contained to the decision support and systems specifically needed for that mission.”
So far, one of the most significant milestones in JIE’s progress is its first increment, implemented in Europe, reaching initial operating capability in August 2013. Defense officials marked the occasion with a ribbon-cutting ceremony at the first regional enterprise operations center, which will play a central role in coordinating JIE operations, in Stuttgart, Germany. An operational review of increment 1 reportedly was expected by the end of March, but officials are careful with announcements of specific dates.
Increment 2, to be spearheaded by the Navy’s Pacific Command and implemented in the Asia-Pacific region, is said to be under way, but there are no specific dates available for when that will be operational. Previous reports have pegged implementation of increments 2, 3 and 4 — at least one of which will be U.S.-based — as sometime this fall, with full capacity expected within five to six years.
Other areas of JIE are less ambiguous. DoD closed at least 277 of its more than 1,000 data centers as of the first quarter of fiscal 2014 and plans for more closures as the department focuses on strategically located core data centers. The Army has transitioned to defense enterprise email, and the Air Force migrations are under way. As of February 2014, there are more than 1.6 million users on the unclassified enterprise email program, and 150,000 on the classified side, Takai said.
In 2014 and beyond, expect increased emphasis on the classified side of JIE’s capabilities, including email. To date, much of the attention has been directed at the unclassified side and DoD’s Non-classified Internet Protocol Router Network (NIPRNet), but that’s likely to shift in the coming months.
“One of my frustrations as a guy who wears the uniform is ... a lot of what we’ve initially done with JIE translates to unclassified” capabilities, said Brig. Gen. Kevin Wooton, director of communications and information at Air Force Space Command. “Only peripherally have we really started doing the work on the classified side, on SIPRNet [Secret Internet Protocol Router Network] and others. My fondest hope is [that] what we learn and what we do from the NIPR/unclassified perspective translates to better maintenance and better usage of our command and control networks, our networks that carry classified data, and then we can take what we’ve learned like gateways and command and control architecture and roll them into the SIPRNet area.”
That’s the side the Air Force is particularly interested in — and that needs particular attention, Wooton said. He’s also hopeful that a “2.0” version of defense enterprise email will incorporate commercial cloud solutions.
“We’re pushing that along with partners, including DISA, on experimenting and maybe we can leap to that,” Wooton said. “But getting back to the fundamental focus — how do we take care of our command and control networks, how do we make sure we take care of capabilities that are at the last tactical mile in places like Afghanistan and the Pacific? As you know, both increment 1 and increment 2 ... are looking at those things, but as we flesh it out, we really have to focus on warfighting capabilities.”
The cyber domain
Those capabilities include the cyber domain. Gen. Keith Alexander, commander of U.S. Cyber Command and director of the National Security Agency, has been especially vocal about DoD network defenses, which he says JIE will help fortify.
“Sprint to JIE,” he told a cybersecurity conference audience last summer just outside of Washington. “We got to create one joint integrated cyber force. And thanks to the services for the great work that you’re doing on that, absolutely superb. The service chiefs and everybody are pushing to get those forces trained.”
That goes for cloud as well. Alexander has described cloud as sort of a modern defense-in-depth strategy, a crucial central infrastructure that can be used by the services for multiple capabilities, including mobile, and allows for better data security.
“I think the cloud architecture that’s been pushed forward for [JIE] and the intelligence community’s IT environment is where our nation needs to be,” Alexander said last fall. “A thin virtual cloud environment offers some great capabilities for the future.”
In her Capitol Hill testimony, Takai called cloud a “critical capability” and said her office continues to investigate the best ways to take advantage of commercial cloud offerings — an issue mired in security issues. But at least one company, Autonomic, has garnered DoD cloud approval through an expansive Federal Risk and Authorization Management Program-based process, with more expected.
“The nature of the department’s mission, and the risk to national security if DoD information were to be compromised, requires the careful evaluation of commercial cloud services, especially in areas of cybersecurity, continuity of operations and resilience,” she said. “There are two key components of the department’s cloud strategy. The first component is the establishment of a private enterprise cloud infrastructure that supports the full range of DoD activities in unclassified and classified environments. The second is the department’s adoption of commercial cloud services that can meet the department’s cybersecurity needs while providing capabilities that are at least as effective and efficient as those provided internally.”
One other primary tenet of JIE is the consolidation of hundreds of security stacks into roughly 15 joint regional security stacks.
“One of the early successes of the JIE is the deployment of joint regional security stacks, which are a component of the single security architecture and will ultimately help to improve command and control and situational awareness across the enterprise,” Liggins said. “The stacks are being installed at various sites around the world.”
The nature of the joint regional security stacks — central nerve points in a network operating around the world, improving cybersecurity and linking millions of users widely scattered to each other and to information — underscores what the Pentagon is trying to achieve with JIE.
“Future globally integrated operations will require even more integrated communications with mission partners on a single security classification level with a common language,” said Adm. Samuel Locklear, commander of Pacific Command, said in March 5 testimony. “JIE will further strengthen collective cybersecurity in the region and will redefine joint/coalition communications, establish a credible cyber defense posture, and improve staff efficiency and support. We have already expanded traditional communications interoperability forums with Korea, Japan, Singapore, Thailand and the Philippines to include cyber defense.”