Categories
Tech

Will the Pentagon use a contractor to merge information networks?

I read an article the other day, Pentagon to merge information networks. The following section caught my eye in particular,Defense Department leaders have decided that the best way to protect sensitive information from cybercriminals and internal leaks is to consolidate its 15,000 networks into a single “joint information environment.” JIE is a set of security protocols — which the Pentagon calls a single security architecture…Although the JIE is not a “program of record” with its own funding line, it will be financed under the Pentagon’s $23 billion cybersecurity budget. Leading the massive network integration effort is the Joint Staff, U.S. Cyber Command and Defense Information Systems Agency [DISA].

                                                — via National Defense Magazine, 13 September 2013

It is good that DISA will serve as the Joint Information Environment (JIE) development hub, with associated accountability. However, I noticed that the head of DISA, Air Force Lt. Gen. Ronnie D. Hawkins Jr., mentioned this:To foil insider leaks, the JIE will track network activity using ‘identity access management’ technology.I am familiar with a cloud services vendor, Amazon Web Services (AWS), who uses the same terminology, “identity access management” or IAM. AWS is a wholly owned subsidiary of Amazon.com, the e-commerce retailer. 

FedRAMP

do not know whether IAM is an Amazon.com trademark, i.e. if it is unique to AWS. I do know that Amazon was granted FedRAMP, a special government contracting credential, in May 2013.

FedRAMP is a is a cost-cutting initiative intended to do away with checking the safety of cloud services, if the products already have cleared the program’s boilerplate style security audit. It guarantees that a cloud service complies with U.S. laws for guarding federal information, but is not applicable to classified or high-security systems.

Outsourcing

In my opinion, something as vitally important as our national defense deserves to be handled internally, watched over by government employees and military servicemen whose loyalties and steadfastness is unwavering. Congress should put aside sufficient funds. I can’t think of many other government initiatives more worthy of being done right! I truly hope that the new Joint Information Environment will be implemented by U.S. Department of Defense staff or civilian employees of the federal government, rather than being outsourced to Amazon Web Service’s cloud. Yes, it may be more costly, in the short term, but we can’t have everything. We need to decrease dependency on contractors.

Update

On 6 June 2014, FedRAMP updated security controls to align with the updated security and privacy controls for Federal information systems and organizations, per NIST Special Publication 800-53.

Leave a Reply

Your email address will not be published. Required fields are marked *