INPUT Blog: DISA Partnership Conference: Day 1 Observations

| Request a Login | Member Login

Search

Links

Blog Home

Subscribe

Follow INPUT on

Free Downloads

Recent Comments

INPUT Report: Electronic Health Record Incentive Funding and the Certification Program
Kristina Mulholland said: The Meaningful Use Final Rule was released today! http://www.ofr.gov/OFRUpl...... [More]

The Workforce Disconnect – House Committee Bill Proposes a Hiring Freeze
Kim said: What??? Apparently the creators of this bill don't realize that the federal agencies that have the l... [More]

Colorado Selects a State-Designated Entity to Receive Health IT Stimulus Funding
Schalene Dagutis said: INPUT has a list of the state-designated entities as part of our State & Local Health Care Solut... [More]

RSS

DISA Partnership Conference: Day 1 Observations

Posted on: April 22, 2009 | Posted By: Ashley Frohwein
Related Categories: Information Security, Technology Trends, Contract Opportunities, Federal

Day One of the 2009 DISA Customer Partnership Conference in Anaheim, California provided an update on current JITC and DISA activities as well as an indication of where DoD is headed. Not surprisingly, current hot topics such as information sharing, cloud computing, and information assurance (IA) featured heavily in the agenda, starting with Col. Ron Stephens, Commander of the Joint Interoperability Test Command (JITC).

JITC, which serves as the DoD certification authority for all National Security Systems (NSS) and IT regarding net readiness and joint interoperability, as well as the Operational Test Agency (OTA) for DISA and other DoD elements, is moving from a systems approach to a "systems of systems" approach. All programs must meet predetermined, overarching requirements. This shift reflects the tendency of particular service-focused requirements to produce service-focused systems, whereas the new approach fosters interoperability across DoD. Also in the spirit of fostering interoperability, Col. Stephens noted JITC's desire to move from multiple stand-alone test environments to a single DoD Test and Evaluation (T&E) environment.

As JITC moves forward, the command hopes to:

Provide input to architecture development for testing and interoperability,
Serve as executive agent for Capability Portfolio Management (CPM) sponsored test-evaluation events,
Establish a CPM T&E NetOps Center,
Establish CPM T&E Federations, and,
Provide Joint Interoperability Certification/Assessment letters that outline system compliance with key CPM requirements.

In a separate panel, John Garing, DISA Director of Strategic Planning and Information, briefly discussed the agency's objective of moving toward cloud computing. A prime consideration in moving toward on-demand/cloud computing is reconciling the desire to share vast amounts of critical information, while ensuring that this information is transmitted and stored securely. Garing used the analogy of Orbitz.com to illustrate the direction he would like to see for DISA. When one purchases hotel or flight tickets online, it doesn't matter much what's "behind the glass"; i.e., it's not important to know whose server is being used or exactly how the transaction occurs. What matters is that the customer gets what they want when they want it.

This is not the case, however, when viewed from DISA's perspective, considering its role in securing information for its customers. Where the information goes, and how it gets there, clearly matters. DISA hopes to address this concern while still preserving the on-demand nature of cloud computing. Garing also expressed his desire to bring social networking sites inside DISA's firewall, thus making them more available and secure to those DISA supports. Garing stated that, as people will undoubtedly attempt to access such applications regardless, it is better to have them firewall protected, rather than working against this perceived inevitability.

In addition to Garing's presentation, Bobbie Stempfley, DISA Deputy CIA and one of DoD's top experts on IA, discussed challenges and objectives regarding IA, specifically the ability to assure DoD mission execution in the face of a cyber attack and to maintain security while sharing information broadly. In part due to DoD budget cuts, Stempfley expects increased consolidation and standardization of information and processes, increasing the volume and rate of transfer of information that originates from more sources. There will be an increased need to efficiently manage these results, since you can't secure what you can't manage. Ideally, all DISA processes would be repeatable, consistent, transparent, managed and manageable, shared but not transferred, as simple as it can be and no simpler, and as complex as it needs to be but no more complex.

The need for information sharing across agencies and the speed and agility of cloud computing continue to grow as our warfighters encounter an increasingly complex enemy in current conflicts. Information assurance, though always important, will only become more vital as information is passed securely to all necessary parties. Given the prevalence and complexity of DoD discussions concerning security issues surrounding information sharing, cloud computing, and information assurance, contractors would be wise to suggest solutions that revolve around or incorporate related elements when proposing solutions to JITC and DISA in particular. Vendors who are able to help DoD create a solution so they do not have to choose between security and communication.

Stay tuned for more on DISA's Customer Partnership Conference.