Joint Information Environment

Transcription

1 Joint Information Environment 12 May 14 1

2 Agenda JIE Necessity DISA s JIE Focus Takeaways Introduction of Breakout Session Leads

3 DoD IT Future: Joint Information Environment A secure joint information environment, comprised of shared information technology (IT) infrastructure, enterprise services, and a single security architecture to achieve full spectrum superiority, improve mission effectiveness, increase security and realize IT efficiencies. JIE is operated and managed per Unified Command Plan (UCP) using enforceable standards, specifications, and common tactics, techniques, and procedures (TTPs). Source: 6 Jul 12 DMAG/13 Jul 12 Tank JIE is NOT: Program of Record / Joint Program Office Turn key solutions Independent way of doing things

4 Setting the Stage for C2 and Decision Support Data Access Joint Information Environment

5 Unclassified/Pre-decisional/FOUO JAN 2013 [With the JIE], we will have set the conditions for next generation capabilities, fully leveraging the power and versatility of commercial information technology and evolving from a brittle, network-centric understanding of our information environment to a flexible datacentric environment enabling access to information at the point of need. GEN Martin E. Dempsey, Chairman of the Joint Chiefs of Staff Our IT systems do not simply allow us to one another, chat online, and access the web for our administrative tasks. They are the backbone we use to interconnect Operations across multiple domains and deliver mission success around the globe.

6 Decentralized Architecture Today Decentralized Systems Increase Our Cyber Attack Surface Attack Surface Servers Data centers Service specific IT End user devices Servers Data centers Service specific IT End user devices Servers Data centers Service specific IT End user devices Servers Data centers Service specific IT End user devices Servers Data centers Mission unique IT End user devices Internet Access Points 3 Feb not defensible over the long run. General Alexander Commander, USCYBERCOM 6

7 The Operational Environment - Today Regional Operations with Global Effects Operation Gladiator Shield Global Cyber Levant Planning USEUCOM / USCENTCOM Operation Enduring Freedom ISAF-Afghanistan Office of Security Cooperation Iraq Operation Jukebox Lotus Juniper Micron USAFRICOM / USEUCOM Humanitarian Assistance USPACOM Requires a synchronized unified effort across a global infrastructure

8 Where We Are Going 3 Dec

9 Unclassified/Pre-decisional/FOUO The JIE Target State We need pioneers and visionaries and folks that are moving out to get us to where we need to go. We are not necessarily at a tipping point, but it is an informational point. the expectations on this agency are huge, they are tremendous and people are expecting us to build this out -Lt Gen Ronnie D. Hawkins, Jr., Director, DISA Our target objective state is a Joint Information Environment that optimizes the use of the DoD IT assets by converging communications, computing, and enterprise services into a single joint platform that can be leveraged for all Department missions. These efforts reduce total cost of ownership, reduce the attack surface of our networks, and enable DISA s mission partners to more efficiently access the information resources of the enterprise to perform their missions from any authorized IT device from anywhere in the world.

10 The Agency maintains four strategic goals. These goals and the supporting key objectives link our strategy to our day-to-day operations and guide us to build the DISA of tomorrow and achieve our Target Objective State. GOAL 1: Evolve the Joint Information Environment GOAL 2: Provide Joint Command and Control (JC2) and Leadership Support GOAL 3: Operate and Assure the Enterprise GOAL 4: Optimize Department Investments DISA Strategic Plan DISA Focus Area No. 1: DoD Joint Information Environment

11 Centralized Architecture Under the JIE Global Enterprise Operations Center w/ Enterprise Situational Awareness (SA) and C2 JIE Access Points (EOCs w/ Regional SA) DISN IP Transport Internet Access Points Enterprise Data Centers Enterprise Services Enterprise Cloud computing Identity Management Access Management Enterprise Portal Enterprise Licensing Enterprise Security System focused Application/data focused Implemented at key points Standardized configuration Simultaneously deployed controls Smaller more efficient force Visibility of entire JIE Real-time defensive operations 3 Feb

12 Joint Information Environment Globally Integrated Operations (Current Status May 2014) Global Continuum Through Regional Implementation EUROPEAN PACIFIC CONUS FOCUS: Concept Development Leverage JEN 1 st EOC Established TTPs 1 st JIE CDC, IAP, IPN SSA w/ JRSS FOCUS: Mission Partner Environment (MPE) interface with JIE Improved Cyber Resilience Data Center Consolidation from Unique PACOM operational area GEOC FOCUS: Build Joint Regional Security Stacks Establish MPLS Routing Core Delivers 11 JRSS Suites & MPLS Core Joint C2 (AF, AR, DISA) Regional Approach to Maturing the JIE and Integrating Technology Concurrently on a Global Basis

13 Single Security Architecture Collapses the network security boundaries Reduces the external attack surface Provides a defensible architecture Rapid and safe data sharing Enabling Activities (EUR) SA & C2 for initial B/P/C/S (Achieved Jul 13) Install SSA at the Core Data Center in Europe (Achieved Sep 13) Install SSA at the IAP (Achieved Nov 13) Install SSA at an IPN; JIE boundary protection implemented (Planned) Improve Warfighter C2 Improve Cyber C2 Efficiently Use Resources Securing data and its use, enabling Force-wide Collaboration Standardize security suites to inspect, block and collect Shrink the Domains Save 5-30 FTEs per Domain! 3 Dec

14 JIE Single Security Architecture, Big Data & Identity Access Management are the Foundation Identify aggregate Identify patterns and Access to all the raw Mine and Fuse data anomalous behaviors indicators that are data into observations that fit a malicious out of the norm profile Mar

15 JIE Operational Concept End-State 3-5 Years - Service-centric non-standard operations centers - Non-standard TTPs, architectures & applications - No standard ops architecture Now - GEOC established - Standardized TTPs - JIE ops architecture & Initial COP capability - Mixture of JIE EOCs and Service centers - Reduced number of CNDSPs End State Regionally Focused but Globally Available to Deliver Cyber Effects - Fully meshed EOCs provide seamless control and failover - EOCs in place for all non-service unique missions - JIE COP in place - Automated capabilities in place, e.g. compliance verification and reporting - Standard TTPs, Architectures & Applications15

16 DoD Data Center Consolidation Mission Partner Data Centers Effective and Optimized Use of Data Centers Converged IT Increased Security Reduced Attack Surface Single Security Architecture Reduced Cost Consolidated IT Investment Consistent IT Architecture Enterprise Level Efficiencies Simplified, Standardized, and Centralized Infrastructure Core Data Centers 3 April

17 Base w/15,000 people and 10 phone systems Firewalls require units to deploy their own infrastructure FTEs required for O&M in each enclave Fort A Camp F Base B Converged IP Transport Station G Camp C Base H Enclave A Enclave I Base D Post I Existing Architecture Enclave J Unified Capabilities Enclave B Enclave H DISN Backbone JIE Future Architecture Fort E Station J Enclave C Enclave G Enclave D Enclave F Enclave E Integration of voice, video & data delivered ubiquitously Enterprise Session Controllers serving 200,000 users in a geographic region Streamlined Troubleshooting Integration with other Enterprise Services Soft Phones 1% Hard Phones 99% Deterministic Routing / Single Point of Failure Dynamic Routing / Self Healing Soft Phones 80% Hard Phones 20% Converged Voice, Video, and Collaboration Services Across the DoD in Real Time

18 COCOMs SERVICES SERVICES SERVICES AGENCIES COALITIONS IC Consumers DoD Enterprise Cloud Service Catalog DoD Enterprise Cloud Service Broker DoD Cloud Broker Roles Consistent DoD Security: - Cloud security models approved by DSAWG - Well defined security levels correlated to protection requirements - Alignment with IC for classified levels - Models enable repeatable security assessments Customer Engagement: - Consolidated DoD-wide cloud requirements - Identified opportunities for partnerships, efficiencies, strategic sourcing, service availability gaps, etc. - Assessments provided customers with appropriate solution alternatives Providers IOC -Initial Service Catalog -Security Models -Limited Business Model -Matching criteria -Initial CRM Engagement with Service providers: - Established terms and conditions for future contract vehicles - Conducted security assessments for FEDRAMP approved providers - Working within DISA and in partnership with Services to establish contract vehicles that address requirement gaps FOC -Increased Service Offerings -Security monitoring/sa -Mature processes -Ordering/provisioning tools -Automated customer interface -- Consistent Security posture -- Partnerships to increase cloud service offerings -- Efficiencies through economies of scale 18

19 Defense Enterprise Mobility Mobile devices will provide access to the DoD Information Networks (DoDIN), allowing warfighters to operate within the JIE when and where needed. DISA is charged with deploying an unclassified enterprise Application Store that will deliver, update and delete apps on mobile devices without having to return the device for service. Department of Defense App Store Deployed - Good Deployed Mobile Iron In Review/Testing Requested The JIE will Eliminate the Barriers allowing Mobile Access to C2 and Decision Support Data 4 Mar

20 Takeaways JIE is an Operational Imperative DISA s Strategic Focus is on JIE Implementation Partnership with Industry is Key to Success