Saturday, January 8, 2011

Project Lightning: Building NIPRNet's DMZ

Via (Jan 7, 2011) -

The Defense Information Systems Agency (DISA) has created a "demilitarized zone" for unclassified applications to help manage access between the public internet and Unclassified but Sensitive IP Router Network (NIPRNet), according to Dave Mihelcic, DISA's CTO.

The DMZ also protects against cyberattacks, he said. In the case of a cyber attack, the DMZ would allow increased security while still leaving critical servers open to the internet as necessary.

DISA has taken a leadership role to lock down military cybersecurity, and the DMZ is one of two programs that are emerging as key components to maintaining the security of DOD’s most sensitive data, officials have said.

We have to share information safely,” said Richard Hale, DISA chief information assurance executive. “If we break sharing, we’ve broken a lot of things…but we still have to keep things secret.” Hale and Mihelcic spoke as part of a DISA panel at a luncheon held in Arlington, Va., and sponsored by the DC chapter of AFCEA.

The DMZ is “a collection of services to secure both inbound and outbound traffic, and control what is exposed and what isn’t,” Mihelcic said.

According to Hale, the DMZ concept – which he said will be re-named "Project Lightning" because “DMZ is the worst name possible” – emerged from combatant commanders’ need to take mission risks without putting other commands and leaders at risk.

“This will let us improve sharing; no more one-size-fits-all NIPRNet, and no one-size-fits-all reactions to problems on NIPRNet,” Hale said. He said the design and network restructure plans for Project Lightning/DISA DMZ have been agreed upon and will take about two years to roll out across all DOD networks.

No comments:

Post a Comment