Security upgrades highlight DISA buying surge

The Defense Information Systems Agency plans to bolster security features embedded in its far-flung networks and data centers via several acquisition projects planned for the twilight of fiscal 2009.

DISA officials described more than 20 pending acquisition projects scheduled over the rest of this year and the beginning of fiscal 2010 during an Industry Day meeting with vendors Aug. 7.

The agency likely will launch more than a dozen of those acquisition projects before the end of the fiscal year on Sept. 30, the officials said. DISA leaders cautioned that the acquisition projects could change over the next few months in response to budget and program shifts.

The senior DISA executives described procurement projects that would cover the Global Information Grid as well as mission assurance, computing services, the Defense Information Systems Network and satellite communications systems, among other activities.

The Pentagon's communications and computer combat support agency has reshaped its existing security services portfolio to the more comprehensive function of mission assurance.

Mission assurance covers DISA's existing computer and communications IT security services as well as additional activities intended to sustain its customers' tech resources in the face of threats from insiders, for example.

In addition to adopting an expanded agenda for mission assurance, DISA has retooled its security upgrade acquisition plans to reflect the varying needs of its clients across the Pentagon and the intelligence community.

Sherrie Balko, director of the Program Executive Office (PEO) for Mission Assurance and Network Operations, explained that two previous acquisition projects for security upgrade services foundered because they lacked flexibility.

“We tried to get everyone on the same bandwagon and failed,” she said.

Balko explained that DISA's forthcoming acquisition for mission assurance services will allow its clients to choose capabilities tailored to the needs of their existing IT security capabilities.

Balko's organization intends to offer enhanced situational awareness services to its communications and computing services users in other agencies and in the services, she said.

Part of that function is to provide “dashboard” reporting of IT security threats to help technology users continuously evaluate their systems' vulnerabilities.

DISA plans to release a proposal request by early autumn in the field of situational awareness services, Balko said.

The Pentagon agency plans to expand its services in the area of forensic computing, to help IT users identify the perpetrators and methods associated with various types of cyberattacks, she added.

DISA mission assurance specialists now are rolling out a major expansion of the Pentagon's Enterprise Cross Domain Management program by progressively fielding additional online filtering centers around the globe.

The cross-domain centers for managing online data that fits into several levels of security classification are replacing dozens of incompatible legacy filtering systems that Pentagon and intelligence agencies invented to shield their data from prying eyes.

DISA has already deployed three of the regional cross-domain filtering “boxes,” Balko said, two in this country and one in Europe. The agency plans to field two more of the regional cross-domain centers by the end of fiscal 2010, she added.

Pentagon and intelligence community senior executives say consolidating the cross-domain security filters will improve classified data handling.

The program, managed by the Cross Domain Management Organization in Adelphi, Md., under the aegis of the Pentagon and intelligence community CIOs, aims to replace more than 700 separate cross-domain online filters with a baseline array of about 20 approved systems with two or three “exceptions.”

Funds saved by ending the legacy cross-domain filters will help improve security measures that shield secret data from unauthorized disclosure, senior officials say.

Balko emphasized that one goal of the cross-domain security upgrades is to stamp out the practice of using “sneakernet” to transfer classified information among networks.

Sneakernet refers to the practice of transferring data, in this case classified information, to a portable disk or other media unit, and then moving it physically from one system to another by walking across the room, figuratively by wearing sneakers.

“It's a bad practice,” Balko said.

Among the other acquisition projects set for release in the final quarter of the current fiscal year are a group of contracts related to the Presidential Communications Modernization program, according to Bruce Bennett, director of the SATCOM (satellite communications), Teleport and services PEO.

Alfred Rivera, director of DISA's Computing Services division, described how the agency plans to launch acquisition projects to reinforce its reliance on cloud computing and the Rapid Access Computing Environment (RACE).

RACE forms part of DISA's overall drive to acquire computing capacity as a service, without purchasing hundreds of software licenses, Rivera said.

DISA's customers across the federal government will be able to use RACE to set up their “own environment, for only $500 [per] month,” Rivera said.

Even as DISA progressively moves to a “pay as you use” approach to acquiring computer services, the agency maintains 13 major data centers as well as a satellite center in Dubai, Rivera explained.

Those centers host a menagerie of systems ranging from the latest technology to rarely used software, Rivera said. “You name it, I've got it.”