DISA Testing Services for the Enterprise Luanne Overstreet DISA T&E Executive 13 December 2012
Our Mission: DISA, a Combat Support Agency, provides, operates, and assures command and control, information sharing capabilities, and a globally accessible enterprise information infrastructure in direct support to joint Warfighters, National level leaders, and other mission and coalition partners across the full spectrum of operations. Our Vision: Information superiority in defense of our Nation.
Enterprise Infrastructure Global Connectivity Global Computing Enterprise Services Mission Assurance In collaboration with COCOMs, Services, and Agencies
Operate & Assure DNC-CONUS - Scott DISA Alaska DISA STRATCOM DISA CONUS Global Operations DISA Command Center (DCC) - Fort Meade Joint Staff Support Center (JSSC) - Pentagon White House Communications Agency (WHCA) - Washington, DC Legend: DISA NetOps Center (DNC) Network Services/Transport System Management Center (SMC) Computing Services Infrastructure Services Center (ISC) Enterprise Services DISA Field Office DISA TRANSCOM DNC-EUCOM Network Assurance Analysts/Teams SMC-Oklahoma City SMC-Ogden DNC-NORTHCOM Field Security Ops Activity SMC-Mechanicsburg SMC-Montgomery DISA EUCOM DISA AFRICOM DISA Korea DISA Japan DISA NORTHCOM ISC-Columbus ISC-St. Louis DISA Okinawa DISA Guam ISC-San Antonio DNC-PACOM DISA PACOM DNC-CENTCOM (MacDill and Bahrain) DISA CENTCOM (Baghdad and Kabul) DISA SOCOM DISA SOUTHCOM Networks Computing Enterprise Services Information Assurance Infrastructure
Mission Assurance Enterprise Infrastructure Reduce Attack Surface Improve Network C2 Improve Safe Sharing Web Content Filtering Whitelist at NIPRNet Boundary Email Security Gateway Enterprise Sensors Host Based Security System (HBSS) Demilitarized Zone Identity Management Cross Domain Information Sharing
What's Ahead Current Capability Future Hundreds of Data Centers Divergent Voice, Video, and Data Services Data Center Consolidation Unified Capabilities Small Number of Shared Data Centers Integrated Voice, Video, and Data Real-Time Collaboration Service Oriented Security Enterprise Security Architecture COCOM Oriented Security Blackberry and Cell Phones STIGs Security Technical Implementation Guides Mobile Technology Cloud Broker/Cloud Computing Tablets, Application Stores Security Requirements Guides Agile, Secure Service Environment Many IT Infrastructures Joint Information Environment Single DoD IT Environment
Paradigm shift to Cloud Services Services are developed and integrated to support missions Common services are consumed Enterprise services are centrally managed Consolidation of resources decrease human services More capability monitored with less resources due to reduced footprint Better S/A and faster C2 increase Cyber management Consistent & consolidated architecture Commonality and UC promotes reciprocity in security and interoperability Rapid scaling and Onboarding of new users Enterprise Infrastructure Central Management Consolidated Architecture Acquisition strategies are changing the profile of T&E Customers
Customer Profile FY07 & FY10 Other (89) 11% Other Fed (41) 5% Combatant Cmd (67) 8% USA (98) 12% USN (106) 13% JITC Customer Profile from FY10 DISA is now 23.6% of the Business BTA, MHS, and NSA begin their business transformation into enterprise solutions, which totals 35.2% T&E in FY10 was still focused at a program level. Other DoD (167) 21% Joint Staff (17) 2% DISA (93) 11% USMC (36) 4% USAF (104) 13% JITC Customer Profile from FY07 DISA was 11% of the Business No other Business Systems or Enterprise Solutions under test. T&E in FY07 was program by program
FY12 Customer Profile In FY12, just under half of all JITC business is in support of Enterprise solutions. Chart to right depicts dollars not percentages. DoD Enterprise Capabilities, 25.9 NSA, 7.5 DoD WHS, 0.7 MHS, 1.5 Air Force, 9.4 DLA, 12.5 Marine Corps & Navy, 6.9 DIA, 1.8 Army, 9.1 Other DoD Programs, 5.2 TRMC, 0.6 NGA, 4.9 Commercial, 3.1 USSOCOM, 3.1 USCENTCOM, 0.5 JS J8, 1.6 Other US Gov't, 2.0 DISA is now 25.9% of the Business However, the trend shows Non-DISA organizations catching up. DLA (taking over from BTA) MHS, and NSA combined with DISA Enterprise Systems total 49.3%.
Anatomy T&E for Enterprise Services It Takes More than One Organization to Create an Enterprise
UNCLASSIFIED Enterprise IT Service Management Moving from Systems to Services ITSM T&E Criteria Utility: Fit for Purpose Improves performance and/or reduces constraints Warranty: Fit for Use Reduce performance variation Availability Capacity Continuity Security Enterprise Interoperability covered under Utility Integrated services & Central management Security directly tied to Warranty
Approved Products List Unified Capabilities Fast track to production Video Presence Integrated Directory Co-Ringing IM/Chat Software Linkage Voice Conferencing & Conference Control Voicemail/ Email Integration Consistent products ensure a constant environment with reliable services Unified capability requirements support DISN (Network) and DISN Subscription Services (Voice, Video, Data, etc.) Mobile Devices Voice & Video / Conferencing Bridges Mobile Devices will use the same process, where security is key to being approved for use Unified Capabilities consolidating a robust and resilient mesh of media
Cyber Testing & Training Finally, the aim of DISA's architecture capabilities at the Command Level is to provide the Cyberspace Commander with situational awareness, critical information, alerts and warning, along with threat information to support C2 decisions based on full awareness and understanding. To defend against what we don't know or expect. DISA's Defense-in-Depth (DiD) architecture is designed to protect, detect, diagnose, react, and recover from hostile threats within the Global Information Grid (GIG). Applications, software and hardware are still required to comply with STIGs and IAVAs to protect against what we know. At the program level, penetration testing is conducted. Security teams also conduct interviews and make observations at hosting locations. To protect against what we expect. T&E processes and procedures, training and validation is what is missing and must be developed. Achieving interoperability (systems, processes and people) of the cyberspace domain is critical to the defense of our networks, systems and information. At the next layer, the Enterprise Infrastructure Level, DISA is embarking on the Enterprise Infrastructure Hardening initiative, a series of sensors, monitors, reaction and analysts systems to protect and defend critical enterprise infrastructure. DISA layers defenses at the Computing Infrastructure Level (local enclave environment) to protect critical programs, systems, enterprise services, servers (data) and host processing. For Situational Awareness and Monitoring
Mobility Acquisition Planning Phase and is subject to change. DoD Mobile Application Storefront Classified and Unclassified Centralized Application Store with Decentralized Application Development by CC/S/A with MILDEP unique Enterprise Email (i.e. NMCI or AFNet) PKI Based VPN Worldwide Wireless Commercial Carriers Mobility Networking DoD Mobility Gateway Mobile Device Management Defense Enterprise E-Mail Calendar Commercial Mobile Devices SIM Card Control ID/Credential SIM Cards procured by CC/S/A and registered on Management Servers Centralized Government Management Servers CC/S/A promotes Policies to Centralized Management Servers A Messaging VoIP to DSN Video Secure Government Enterprise Services Enables the mobile user access to secure commercial carrier transport and government enterprise services
DoD Enterprise Cloud Service Broker USAF USN USA USMC DoD Consumers T&E will likely focus on V&V of services to broker, and performance and user experience post deployment. CLOUD BROKER Understand, collect, and aggregate DoD consumer requirements Define services to be offered to DoD Manage service provider relationships Monitor performance Match actual and anticipated user demand to current and future services Integrate DoD Identity and Access Management DISA Unclassified DISA Classified Commercial Private Unclassified Commercial Private Classified Commercial Unclassified
New Approach to T&E Services Testing as a Service (Agile for the Enterprise) Interfaces, environments, services Automated script generation agnostic SMEs to support performance, interoperability, security, etc. events Single Security Architecture Platform as a Service Infrastructure as a Service Common services (Comms, capacity, etc.) Government Acceptance Testing Hosting Environment Integration Central Management Consistent User Experience SME support available as a consistent service to T&E customers
SUMMARY Department moving towards a converged Enterprise Service Environment DISA Architecting and Building the infrastructure and common services Services/Agencies shifting acquisition approach and require more than functional based automated T&E capability DISA/JITC working to enable environments, tools, services and SMEs into an enterprise Testing as a Service offering