NCJ Number
191175
Date Published
2001
Length
181 pages
Annotation
The report offers a set of options for the U.S. military to take to prepare for information infrastructure attacks.
Abstract
In its 1996 report, the Defense Science Board (DSF) recommended the Pentagon spend $3 billion to strengthen defenses on its information networks. While some considered the report as unrealistic, technology has continued to evolve and the problems have become much more complex. The United States will be attacked in the future with an array of effective warfare tools. In Joint Vision 2020 (JV2020), future warfighting plans will be increasingly reliant upon high-speed interconnected information networks to identify targets and carry out battles. This information needs to be protected. The Pentagon trusts its assured information in its information network, called the Global Information Grid (GIG). Without adequate protections, the GIG will introduce vulnerabilities to the military force structure. Commercial infrastructure forms the underpinning of the GIG because it is cost-effective, although perhaps not as secure. To evaluate the security and effectiveness of the GIG, the Pentagon needs to establish a test bed to evaluate and improve information assurance (IA) and develop technical metrics of IA effectiveness. The DSF task force found the Department of Defense (DOD) was not yet building the means to achieve and retain information superiority in the presence of a robust warfare threat. To reduce the risk, the task force made several recommendations, including the implementation of a consistent security architecture for every node on the network that forms the GIG, the moving of all of the DOD's public Web sites off the NIPRNET and into a more controlled environment, and the improvement of the security of the GIG through continued research. Another category of recommendations addressed readiness of systems and people. The task force found that Defense Information Operations (DIO) was not adequately integrated into mission planning. The Secretary of Defense should issue guidance to make intelligence a key element of all military planning and operations. During the past 3.5 years, the National Security Agency has conducted 37 assaults on the DOD's networks, 99 percent of which went undetected. That number of assaults hardly represents the level of attacks envisioned in the 1996 DSB task force recommendations. The task force also found the shortage of information technology professionals was serious and growing. The DOD needs to improve its recruiting and salaries to redress the shortage. The DOD's workforce at all levels is ill-prepared to execute DIO's mission because training efforts are fragmented, inadequately scoped, and poorly documented. The task force addressed several policy and legal issues associated with DIO as well. Some of the issues cannot be meaningfully addressed solely within DOD, even though DOD will be affected by the outcome of the debate surrounding them. The issues are: moving toward a common terminology; the requirement for government-wide coordination; improving information sharing among agencies; and identifying and protecting critical infrastructure. Because so much of military infrastructure is also the civil infrastructure, the DOD needs a national coordinator for DIO. Tables, appendices