joint information environment - afcea belvoir · pdf filesource: 6 jul 12 dmag/13 jul 12 tank...
TRANSCRIPT
Joint Information
Environment
28 May 14
1
UNCLASSIFIED
UNCLASSIFIED
Agenda
• JIE Necessity
• DISA’s JIE Focus • Takeaways
• Introduction of Breakout Session Leads
UNCLASSIFIED
UNCLASSIFIED
DoD IT Future: Joint Information Environment
A secure joint information environment, comprised of shared information technology (IT) infrastructure, enterprise services, and a single security architecture to achieve full spectrum superiority, improve mission effectiveness, increase security and realize IT efficiencies. JIE is operated and managed per Unified Command Plan (UCP) using enforceable standards, specifications, and common tactics, techniques, and procedures (TTPs).
JIE is NOT: • Program of Record / Joint Program Office • Turn key solutions • Independent way of doing things
Source: 6 Jul 12 DMAG/13 Jul 12 Tank
UNCLASSIFIED
UNCLASSIFIED
Joint Information Environment
Setting the Stage for C2 and Decision Support Data Access
FUTURE
Single DoD Environment; Data-Oriented
Small # of Shared
Data Centers
Tablets, App Stores
Security
Requirements Guides
COCOM-Oriented
Security
Agile, Secure Service
Environment
Integrated Voice,
Video & Data
Real-Time
Collaboration
3 Dec 13 - 0800 4
UNCLASSIFIED
Unclassified/Pre-decisional/FOUO
5
“[With the JIE], we will have set the conditions for next generation capabilities, fully leveraging the power and versatility of commercial information technology and evolving from a brittle, network-centric understanding of our information environment to a flexible data-centric environment enabling access to information at the point of need.”
GEN Martin E. Dempsey, Chairman of the Joint Chiefs of Staff
JAN 2013
“Our IT systems do not simply allow us to email one another, chat online, and access the web for our administrative tasks. They are the backbone we use to interconnect
Operations across multiple domains and deliver mission success around the globe.”
Decentralized Architecture Today
6 3 Feb 2014 -- 1200
Internet Access Points
Attack Surface • Servers • Data centers • Service specific IT • End user devices
• Servers • Data centers • Service specific IT • End user devices
• Servers • Data centers • Service specific IT • End user devices
• Servers • Data centers • Service specific IT • End user devices
• Servers • Data centers • Mission unique IT • End user devices
Decentralized Systems Increase Our Cyber Attack Surface
“…not defensible over the long run.” General Alexander – Commander, USCYBERCOM
UNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED
Humanitarian Assistance USPACOM
Operation Enduring Freedom ISAF-Afghanistan
Operation Gladiator Shield Global Cyber
Levant Planning USEUCOM / USCENTCOM
Operation Jukebox Lotus
Juniper Micron USAFRICOM / USEUCOM
Office of Security Cooperation Iraq
Requires a synchronized unified effort across a global infrastructure
The Operational Environment - Today Regional Operations with Global Effects
Where We Are Going 3 Dec 13 - 0800 8
UNCLASSIFIED
UNCLASSIFIED
Unclassified/Pre-decisional/FOUO
The JIE Target State
9
“We need pioneers and visionaries and folks that are moving out to get us to where we need to go. We are not necessarily at a tipping point, but it is an informational point.”
“…the expectations on this agency are huge, they are tremendous and people are expecting us to build this out”
-Lt Gen Ronnie D. Hawkins, Jr., Director, DISA
Our target objective state is a Joint Information Environment that optimizes the use of the DoD IT assets by converging communications, computing, and enterprise services into a single joint platform that can be leveraged for all Department missions. These efforts reduce total cost of ownership, reduce the attack surface of our networks, and enable DISA’s mission partners to more efficiently access the information resources of the enterprise to perform their missions from any authorized IT device from anywhere in the world.
UNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED
The Agency maintains four strategic goals. These goals and the supporting key objectives link our strategy to our day-to-day operations and guide us to build the
DISA of tomorrow and achieve our Target Objective State.
• GOAL 1: Evolve the Joint Information Environment
• GOAL 2: Provide Joint Command and Control (JC2) and Leadership Support
• GOAL 3: Operate and Assure the Enterprise
• GOAL 4: Optimize Department Investments
DISA Strategic Plan
DISA Focus Area No. 1: DoD Joint Information Environment
Centralized Architecture Under the JIE
11 3 Feb 2014 -- 1200
JIE Access Points (EOCs w/ Regional SA)
Enterprise Data Centers
Internet Access Points
DISN IP Transport
Global Enterprise Operations Center w/ Enterprise Situational Awareness (SA) and C2
• Enterprise E-mail • Cloud computing • Identity Management • Access Management • Enterprise Portal • Enterprise Licensing
Enterprise Services
Enterprise Security
• System focused • Application/data focused • Implemented at key points • Standardized configuration • Simultaneously deployed
controls • Smaller more efficient force • Visibility of entire JIE • Real-time defensive
operations
UNCLASSIFIED
UNCLASSIFIED
Joint Information Environment Globally Integrated Operations (Current Status – May 2014)
12
FOCUS: Concept Development Leverage JEN 1st EOC Established – TTPs 1st JIE CDC, IAP, IPN SSA w/ JRSS
FOCUS: Build Joint Regional Security Stacks Establish MPLS Routing Core Delivers 11 JRSS Suites & MPLS Core Joint C2 (AF, AR, DISA)
Global Continuum Through Regional Implementation EUROPEAN PACIFIC CONUS
Regional Approach to Maturing the JIE and Integrating Technology Concurrently on a Global Basis
FOCUS: Mission Partner Environment (MPE) – interface with JIE Improved Cyber Resilience Data Center Consolidation from Unique PACOM operational area
GEOC
UNCLASSIFIED
UNCLASSIFIED
Single Security Architecture • Collapses the network security boundaries • Reduces the external attack surface • Provides a defensible architecture • Rapid and safe data sharing
Securing data and its use, enabling Force-wide Collaboration
Improve Warfighter C2
Standardize security suites to “inspect, block and collect”
Shrink the Domains Save 5-30 FTEs per Domain!
Improve Cyber C2
Efficiently Use Resources
Enabling Activities (EUR)
SA & C2 for initial B/P/C/S (Achieved Jul 13)
Install SSA at the IAP (Achieved Nov 13)
Install SSA at the Core Data Center in Europe (Achieved Sep 13)
Install SSA at an IPN; JIE boundary protection implemented (Planned)
3 Dec 13 - 0800 13
UNCLASSIFIED
UNCLASSIFIED
14 4 Mar 2014 -- 1700
101010101010100010101010101010101010111010110001001010101011 110010101010101010101010101010101011010010101100110110101001101010101001010101010101010101010100111010101010101101001011001101010101010101010101010010101001101010101010110110101101111111110001100000010101010110101111111110000000011111101010101010101111111011010011111100000000010010010101011101001010111010101111111111111111101010101011010101011010010101010101010101010110111000101010101101010101010101011110000000000001010100101010101010101010101010101010101010101010101010100101000101010101010110101010101010101001010101011111111111111111111101001010100010101010100001010101011100010101100101011010101010101010010110010100101011001101010100101010110100000111
JIE Single Security Architecture, Big Data & Identity Access Management are the Foundation
Identify aggregate anomalous behaviors
that fit a malicious profile
Mine and Fuse data into observations
Identify patterns and indicators that are
out of the norm
Access to all the raw data
UNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED 14
End State – Regionally Focused but Globally Available to Deliver Cyber Effects
- Fully meshed EOCs provide seamless control and failover - EOCs in place for all non-Service unique missions - JIE COP in place - Automated capabilities in place, e.g. compliance verification and reporting
- Standard TTPs, Architectures & Applications15
- GEOC established - Standardized TTPs - JIE ops architecture & Initial COP capability - Mixture of JIE EOCs and Service centers - Reduced number of CNDSPs
Now
3-5 Years
End-State
- Service-centric non-standard operations centers - Non-standard TTPs, architectures & applications - No standard ops architecture
JIE Operational Concept
DoD Data Center Consolidation
16 3 April 2014
Core Data Centers
•Effective and Optimized Use of Data Centers
•Converged IT
•Increased Security •Reduced Attack Surface
• Single Security Architecture
•Enterprise Level Efficiencies •Simplified, Standardized, and
Centralized Infrastructure
•Reduced Cost •Consolidated IT Investment •Consistent IT Architecture
Mission Partner Data Centers
UNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED
Future Architecture
Existing Architecture
JIE
Dynamic Routing / Self Healing
Deterministic Routing / Single Point of Failure
Converged IP Transport
Base B
Camp F Station G
Fort A Base D
Post I
Fort E
Base H Station J
Camp C
DISN Backbone Enclave A
Enclave C Enclave B
Enclave D
Enclave I
Enclave J
Enclave H Enclave G Enclave F
Enclave E Soft Phones 1%
Hard Phones 99%
Converged Voice, Video, and Collaboration Services Across the DoD in Real Time
• Base w/15,000 people and 10 phone systems • Firewalls require units to deploy their own infrastructure • FTEs required for O&M in each enclave
• Integration of voice, video & data delivered ubiquitously • Enterprise Session Controllers serving 200,000 users in a geographic region • Streamlined Troubleshooting • Integration with other Enterprise Services
Soft Phones 80%
Hard Phones 20%
Unified Capabilities
17
UNCLASSIFIED
UNCLASSIFIED
18
DoD Cloud Broker Roles Consistent DoD Security:
- Cloud security models approved by DSAWG
- Well defined security levels correlated to protection
requirements
- Alignment with IC for classified levels
- Models enable repeatable security assessments
Customer Engagement:
- Consolidated DoD-wide cloud requirements
- Identified opportunities for partnerships, efficiencies,
strategic sourcing, service availability gaps, etc.
- Assessments provided customers with appropriate
solution alternatives
Engagement with Service providers:
- Established terms and conditions for future contract vehicles
- Conducted security assessments for FEDRAMP approved
providers
- Working within DISA and in partnership with Services to
establish contract vehicles that address requirement gaps
Providers Consumers
IOC FOC
-Initial Service Catalog
-Security Models
-Limited Business Model
-Matching criteria
-Initial CRM
DoD Enterprise
Cloud Service Catalog
-Increased Service Offerings
-Security monitoring/SA
-Mature processes
-Ordering/provisioning tools
-Automated customer interface
SERVICES SERVICES SERVICES SERVICES SERVICES
AGENCIES
COALITIONS
IC
COCOMs
-- Consistent Security posture -- Partnerships to increase cloud service offerings -- Efficiencies through economies of scale
DoD Enterprise Cloud Service Broker
28 Apr 14 - 1530
Defense Enterprise Mobility
4 Mar 2014 -- 1700
Mobile devices will provide access to the DoD Information Networks (DoDIN), allowing warfighters to operate within the JIE when and where needed. DISA is charged with deploying an unclassified enterprise Application Store that will deliver, update and delete apps on mobile devices without having to return the device for service.
The JIE will Eliminate the Barriers allowing Mobile Access to C2 and Decision Support Data 19
Deployed - Good
In Review/Testing
Department of Defense
App Store
Requested
Deployed – Mobile Iron
UNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED
UNCLASSIFIED
• JIE is an Operational Imperative
• DISA’s Strategic Focus is on JIE Implementation
• Partnership with Industry is Key to Success
Takeaways
9 Sep 13 -- 1200 21
A COMBAT SUPPORT
AGENCY
3 Dec 13 - 0800 21