DISA strives for leaner structure, tighter security

 The Defense Information Systems Agency is in the process of reinventing itself. Its new form will be leaner, more responsive to warfighter needs and a bit more secretive, according to Henry Sienkiewicz the agency’s CIO.

Speaking this morning at an IT industry event, Sienkiewicz outlined the current state of DISA’s transformation. He noted that the agency’s move to Fort Meade, Md., as part of the Base Realignment and Closing (BRAC) Act, will allow it to undergo several major changes to its business and operational procedures.

Sienkiewicz said the first 500 personnel are already on site at the 1.1 million-foot facility and noted that additional staff will move there in stages. The agency’s director, vice director and command center will make the move within the next 30 days. DISA’s new location provides enhanced security and additional secrecy, something that is a change from the agency’s old culture, he said.  

Related stories:

DISA creates DMZ to boost security on unclassified network

DISA to further integrate enterprise infrastructure, services

Sienkiewicz said the agency has moved to a completely voice-over-IP environment across its entire network. DISA has also conducted a great deal of business process engineering to standardize and streamline its internal business processes. The agency hopes to lead DOD by its example.

 “We are going to be the very early adopters of all of these other service offerings or all of these technology enhancements that we are telling the rest of the community to use,” he said.

According to its campaign plan, DISA will support efforts such as the DOD’s data center consolidation plan. Sienkiewicz said that capacity services are fundamental to how the agency functions. He cited the example of the next round of upcoming processor server contracts, noting that the effort has already been successful by allowing DISA to streamline its data processing capabilities. He also reached out to the IT community to help introduce new technologies into the latest refresh cycle to better serve warfighters.

Security and identity management are also major aspects of the new DISA. “We’ve got to be able to build security right into the fundamentals of the way we are doing transport, the way we are doing our networks, the way we are doing our software development,” Sienkiewicz maintained.

Capabilities such as the Host-Based Security System have been rolled out across the DISA environment, and by extension, the entire Defense Department. Another area that the agency is examining is continuous information assurance, the ability to constantly monitor a network in real time. The agency is moving away from checklist-based security that only sees occasional input from administrators, which does not serve the agency or its customers well. “That’s not happening anymore,” he said.

DISA is also actively looking into new identity management and access-based control techniques as it reorganizes. Sienkiewicz cited the example of the agency’s rollout of enterprise email across the DOD. By next year, there will be 1.4 to 1.5 million users on one government email system. He added that identity management is crucial to maintaining security for such a large undertaking.

The agency is also making progress in several cloud computing initiatives. The Rapid Access Computing Environment provides a standardized virtual cloud environment for its users. This program has been very successful—not only by providing services, but offering lessons learned to the organization, he said. But there is still work to do in this area, he added. One unresolved issue is standardizing the accreditation process for users. He noted that DISA is looking at options for ways to make organizations use operations management and enterprise system management tools.

Besides cloud computing options, DISA continues to examine mobile applications. Sienkiewicz said that wireless represents a huge problem set, yet the proliferation of smart phones across the civilian world (and their attraction to younger military and civilian personnel) has caused the Office of the Secretary of Defense to start work on policies for their use. He added that DISA is working on security technical implementation guides (STIGs) for mobile applications. He said that the challenge is finding the right mix of demands between user access and security, adding that he would like to offer a tablet device that was secure.

Among the challenges facing DISA are the need to create dual-user personas, how to deploy applications into mobile devices, and how to accredit applications and devices. Many consumer devices and applications are not quite ready for DOD use, Sienkiewicz said.

One example for how to successfully proceed with a large scale mobile rollout is the Apps for the Army program. Sienkiewicz described the effort as an “extreme partnership” between the Army and DISA. The agency provided a portal for the Army’s use, while it let the service install its own middleware on the network—something that is not standard procedure, he said. However, he added that this is an example of how DISA is working to manage its partnerships with DOD organizations.