The Voice of Military Communications and Computing

Infrastructure Modernization • Cloud Computing • X-band SATCOM • Security Technical Implementation Guides • VoIP • Virtualization Security

ARMY GNEC SPECIAL PULL-OUT SUPPLEMENT

Network Constructor: Lt. Gen. Jeffrey A. Sorenson, Chief Information Officer/G-6, Department of the Army

C4ISR • July 2009 • Volume 13, Issue 6 • www.MIT-kmi.com

Military Information Technology GNEC Issue

The world's premier Military IT publication dedicated to all facets of Information Technology (IT) as it relates to the U.S. Military


MILITARY INFORMATION TECHNOLOGY

JULY 2009 • VOLUME 13 • ISSUE 6

FEATURES

Modernization Program Delivers

Since its inception in 2006, the Army’s Infrastructure Modernization Program has been the most massive restructuring of information technology in the history of the military.

By Jeana Cunningham

The Cloud’s Unlimited Possibilities

Through the cloud computing model of IT services, the military can better manage the unpredictability and dynamic nature of IT support to warfighter operations.

By Lauren C. States

Encyclopedia of Security

In the ongoing battle to protect Department of Defense networks, one of the bulwarks is a set of security standards and guidance documents known as Security Technical Implementation Guides.

By Peter Buxbaum

Bringing VoIP to the Field

As use of Voice over IP grows, the military and industry are developing and testing new ways to enhance utility, security and interoperability of the technology.

By Tom Marlowe

X-band Advantage

Amid constraints in the supply of commercial C- and Ku-band space segment, DoD is looking to commercial X-band satellite communications to supplement the MILSATCOM fleet.

By Adam Baddeley

Virtualization Arsenal

Improved security and reduced costs are among the attractions for the military of this increasingly popular approach to utilizing computing resources.

COVER / Q&A

Lieutenant General Jeffrey A. Sorenson, Chief Information Officer/G-6, Department of the Army

INDUSTRY INTERVIEW

Mike Bradshaw, Director, Google Federal

DEPARTMENTS

Editor’s Perspective

People

JTRS Update

Data Bytes

COTSacopia

Calendar, Directory

If you can only improve what you can measure, as the saying goes, there is still a lot of work to be done in the area of information assurance/cybersecurity.

That’s one conclusion to be drawn from a recent report by the Department of Defense’s Information Assurance Technology Analysis Center (IATAC), titled “Measuring Cyber Security and Information Assurance,” which looks at the vexing question of how to objectively evaluate efforts to defend military and other networks. Although network defense depends critically on the ability to gauge security status in real time, the report makes clear, there is no universally recognized way to rate the success of that defense and how it changes over time and in response to different policies.

To be sure, there has been progress, especially compared with a decade or so ago, when there was real debate over whether IA metrics would be useful or even feasible. These days there seems to be a consensus that measuring IA is a good idea, and indeed is essential in light of growing federal mandates in this area.

Government, industry and academia have been working hard to develop measurement strategies, and a number of processes and frameworks have emerged to offer guidance. IA statistics can be combined into composite ratings, such as the Common Vulnerability Scoring System, to create an overall picture of security status. Automatic tools for IA measurement also exist, although more often as custom developments than commercially available products.

The report concludes with a call for further efforts to advance the state of the art of IA measurement, including development of a standard set of definitions and common data formats. Particularly important for the military, it seems to me, will be to come up with real-time measures for immediate diagnosis of intrusions and other security events. You can’t tell if you’re winning unless you can keep score.


MILITARY INFORMATION TECHNOLOGY

VOLUME 13, ISSUE 6 • JULY 2009

SUBSCRIPTION INFORMATION

Military Information Technology (ISSN 1097-1041) is published 11 times a year by KMI Media Group. All Rights Reserved. Reproduction without permission is strictly forbidden. © Copyright 2009.

Military Information Technology is free to members of the U.S. military, employees of the U.S. government and non-U.S. foreign service based in the U.S. All others: $65 per year. Foreign: $149 per year.

Corporate Offices: KMI Media Group, 15800 Crabbs Branch Way, Suite 300, Rockville, MD 20855-2604 USA

Telephone: (301) 670-5700 • Fax: (301) 670-5701 • Web: www.MIT-kmi.com

Harrison Donnelly

(301) 670-5700

People

Compiled by KMI Media Group staff

Navy Captain Sean R. Filipowski, who serves as division director, Computer Network Operations, Naval Network Warfare Command, has been nominated for appointment to the rank of rear admiral (lower half).

Air Force Brigadier General Ronnie D. Hawkins Jr. has been nominated to the grade of major general while serving as the deputy director, policy and resources, Office of Warfighting Integration and Chief Information Officer, Office of the Secretary of the Air Force.

Regina E. Dugan has been selected as director of the Defense Advanced Research Projects Agency.

Army Major Mark Henderson has been assigned as assistant project manager, Vehicular Intercom Systems, under the Defense Communications and Army Transmission Systems project office of the Program Executive Office, Enterprise Information Systems.

Navy Rear Admiral (lower half) Janice M. Hamby, who has been selected for promotion to rear admiral, has been assigned as vice director of command, control, communications and computer systems, J6, Joint Staff.

Air Force Brigadier General (s) Kenneth J. Moran has been assigned as director, Expeditionary Combat Support System Program, Electronic Systems Center, Air Force Materiel Command.

Navy Rear Admiral (lower half) David G. Simpson, who has been serving as director, Navy Networks, N6N, Office of the Chief of Naval Operations, has been assigned as director, CJ6, Multi-National Force-Iraq.

Lawrence B. Prior III has been selected as president and chief operating officer of ManTech International, where he will also serve on the board of directors. He had been serving as COO of SAIC.

SafeNet Inc., a provider of information security, now affiliated under common management with Aladdin Knowledge Systems, has hired Mark A. Floyd as chief executive officer. Floyd assumed a position that had been vacant since October 2006. Previously, he served as CEO of Entrisphere, a communications equipment provider; prior to that, he was the founder and CEO of Efficient Networks, a telecommunications equipment company specializing in Digital Subscriber Lines. Most recently, Floyd was a partner with El Dorado Ventures.

Alexander to Head Cyber Command

Army Lieutenant General Keith B. Alexander, director of the National Security Agency and chief of the Central Security Service, is expected to become the head of the planned U.S. Cyber Command.

The new command was announced by Secretary of Defense Robert Gates in a June memo to the Joint Chiefs of Staff, in which he indicated he would recommend that President Obama appoint Alexander as commander. Cybercom will be responsible both for coordinating defense of military networks against cyberthreats, and for developing offensive cyber-operations.

Alexander, who will also continue to serve in his current posts, is expected to be promoted to the rank of general.

In a recent interview with MIT, Alexander observed, “Achieving the goal of cybersecurity will require the collective efforts of many across the government and private sector.” (MIT Volume 13, Issue 5, June 2009, page 25.)


Voice over Internet Protocol (VoIP) phones offer military units the potential to deploy one network for data and voice communications, streamlining operations and saving money while providing versatile services. But although the Department of Defense has been using VoIP technologies for five years or more, piecemeal adoption has left various parts of U.S. military forces with different technologies.

Because it’s imperative to make certain that those technologies are secure and work well together, warfighters participate in exercises such as the Joint Users Interoperability Communications Exercise (JUICE), held by the Army Communications-Electronics Command (CECOM) Lifecycle Management Command at Fort Monmouth, N.J.

The latest exercise, which occurred in June, examined how to manage various communications technologies and thereby make phone calls from one kind of device to another, according to John Caruso, chief of the Executive Agent for Theater Joint Tactical Networks (EA-TJTN).

“It takes a look at the operational gaps that exist in the field and the shortfalls out there,” Caruso said of JUICE. “We basically put together a network and make sure we have the right mix of communications to take a look at some of these gaps. It’s a real-world network. It has real-world services just as if it were deployed, and we put together pieces of it replicating issues and problems in the field to take a look at technologies, techniques and procedures.”

This year, JUICE focused on supporting the warfighter in NATO and coalition forces and addressing communications gaps across various technologies as well as testing interoperability between members of Joint Task Forces. Within those areas, JUICE examined power requirements and beyond-line-of-sight systems. VoIP phones, in particular, have power requirements above and beyond traditional telephones.

“One of the gaps that existed is that a commander goes into the field and has six different phones sitting in front of him. Who you are talking to depends on which one you pick up,” Caruso described.

“We put together a network with the cooperation of a lot of people, where a commander can go into a field with a Global System for Mobile [GSM] cell phone and get into all of those networks. We are trying to show you can bridge the different networks that exist out there today with the equipment in the field. It doesn’t require the purchase of anything else; it’s just engineering,” he said.

Matching DoD requirements, JUICE participants made use of a session initiation protocol (SIP) that permitted translation between different networks. The exercise went well and callers successfully made calls between secure and nonsecure phones as well as phones that delivered Voice over IP and those that didn’t.

Indeed, the goal of reaching joint secure voice interoperability involved the use of radio over IP, cellular, GSM, Iridium, Voice over secure IP (VoSIP), VoIP, GSM, and the Defense Red Switch Network (DRSN).

“We had an IPv6 session going on with real IPv6 addresses, not contrived ones. We had an up-and-running IPv6 network, and we did voice, data and video over it, which has probably never been done before. We had IPv6 encrypters,” Caruso reported.

CECOM will generate a final report with empirical data on communicating across those technologies. Caruso and his team will identify technologies that may be useful in bridging those gaps and thus require certification from the Joint Interoperability Test Command (JITC). EA-TJTN will build upon those results for next year’s exercise to provide an evolution in the exercise scenario.

Some of the most interesting results come from unplanned facets of JUICE. For example, this year’s exercise involved forces from the regular Army, Navy, Marine Corps and Air Force, as well as from the National Guard. The National Guard used Army radios to communicate, which was an unanticipated wrinkle in the exercise. But it went smoothly, and participants were encouraged about their capability to bring others into the exercise.

“The theme this year was bridging the gaps. We will probably look at that again next year, but we will expand JUICE even further to bring in more of the civil support people,” Caruso said.

AS USE OF VOICE OVER INTERNET PROTOCOL GROWS, THE MILITARY AND INDUSTRY ARE DEVELOPING AND TESTING NEW WAYS TO ENHANCE UTILITY, SECURITY AND INTEROPERABILITY.

BY TOM MARLOWE, MIT CORRESPONDENT

ISLANDS OF COMMUNICATION

One of the approved technologies that JUICE made use of was the TRANSip IP telephony technology suite, which is a full VoIP solution that provides interoperability between time division multiplexing (TDM) and IP technologies from REDCOM Laboratories Inc.

REDCOM has taken great care in the development of its products to make certain that it does not leave communications gaps between those using new and old equipment, according to Dinah Gueldenpfennig, REDCOM vice president of planning and government program administration.

“IP is a highly desirable technology due to its ability to transmit everything over one medium,” Gueldenpfennig stated. “VoIP is also still a push technology. It has a lot of nice features, but you still have a lot of legacy equipment that is in use, and you cannot simply rip out and replace immediately. Part of that is due to costs but it’s also due to logistics. Imagine somebody that is in theater with an effort going on and then he’s told he has to change out his equipment.”

So while VoIP offers a leap forward in communications capabilities, warfighters must also continue to communicate with those who do not have VoIP. REDCOM’s switches with TRANSip, a technology that provides VoIP and TDM combined, enable military users to place calls “from the foxhole to the Pentagon,” Gueldenpfennig said.

The use of such a technology eliminates the need for everyone along a single line of communications to upgrade to the same device, she added. “You don’t want to do a rip and replace. It’s easier if you provide a product that you can adapt as you transition from one technology to another without abandoning islands of one type of technology so you preserve your investment.”

In addition to providing versatile and rugged hardware, REDCOM supports its products with secure applications such as secure conferencing.

The company is participating in the AS-SIP pilot program with the Defense Information Systems Agency (DISA) to test implementation of assured services SIP. AS-SIP meets requirements for establishing communication with resource priorities, ensuring system and network access and control, and providing precedence and pre-emption policies to assure connectivity for command and control.

“While the goal is full interoperability and connectivity, there are islands of communication that are Voice over secure IP, that are not directly connected to the Defense Switch Network,” Gueldenpfennig said. “We have an advanced VoSIP gateway application where you can make a call from one to another. It allows a user on a SCIP device in a legacy TDM network such as the DSN to dial a black number and speak securely to a classified VoSIP user.”

The JUICE exercise demonstrated those capabilities, enabling users to conduct end-to-end interoperable command and control communications across a variety of networks and standards.

But VoIP brings with it challenges of security and reliability. DISA requires vendors on its approved products list to implement new requirements periodically and to retest those products at the JITC to ensure that they can withstand a host of threats.

“When you think of your PC being connected to the network, you have the risk of viruses or being brought down by a denial-of-service attack. The same thing applies to a VoIP switch,” Gueldenpfennig explained.

JITC thus tests the information assurance of products periodically to see that they meet security and reliability requirements for warfighters.

“One of the problems is that these kinds of threats crop up at a really fast pace,” Gueldenpfennig said. “Every time there is a new threat, the requirements change to make sure that threat is mitigated. Whenever you go to JITC for testing, you have to meet those latest requirements. It takes a considerable amount of time to get that accomplished. One of the challenges of this process is getting the product to the customer in a timely fashion.”

In agreement with the need to get through the JITC in a timely fashion is Ed Bursk, who heads government business development for Nokia Siemens Networks. “Nokia Siemens Networks has a long history of supporting U.S. government telecommunications and networking, in over 100 sites, worldwide,” Bursk said. “Bringing key solutions through the JITC is essential—to us as a partner to government to prove out government-specific capabilities, as well as to the government to assure the security of our solutions. For an example, we’re now bringing our next generation voice/video/data solution for DISA, Air Force, Army and more—including a multi-function softswitch and a local session controller per DISA’s Unified Capabilities Requirements spec—into the JITC, to show both LSC and MFSS with Assured Services SIP, for VoIP, video and data end-to-end across the network.”

The Nokia Siemens Networks solution overlays existing TDM-based sites with Nortel, Siemens and other switches seamlessly and enables reliable wide-area communications for voice, video, conferencing and collaboration apps. The company is working closely with DISA on its next generation of networking services, Bursk noted.

DEFENSE SWITCHED NETWORK

The capabilities for using VoIP come from the switches installed on the Defense Switched Network (DSN) as well as the DRSN. For as long as those networks have been in existence, DoD has relied heavily on contractors such as Nortel.

DISA hired Nortel to deploy a six-Multi-Function Switch backbone for the DSN in preparation for the eventual transition to VoIP. Of the 22 sites selected for upgrade to Multi-Function Soft Switch capability, Nortel is currently providing voice service to 21 of them (with Nokia Siemens Networks providing the other), said Steven Derr, vice president of engineering for Nortel Government Solutions products.

The first phase of the VoIP work occurred from 2004 to 2008, Derr noted, where stakeholders developed the unified capability requirements for DoD, resulting in the publication of the requirements in December 2008. DISA, Nortel, Siemens and others like Cisco participated in the four-year study to develop the unified capability standards, Derr remarked.

From there, the project has entered the second phase, where deployment of the multi-function soft switch backbone occurs. Companies like Nortel are in the process of responding to requests for proposal to carry out that work. Derr anticipates contract awards in the third quarter of 2009 and implementation to occur through the final quarter of 2009 through mid-2011 to the 22 sites. A small number of sites would be upgraded initially, with multi-vendor participation anticipated, according to Bursk.

The third phase of the project runs through 2015, whereupon all VoIP infrastructure should be installed and operational for the Army and Air Force.

Defining the requirements for the project and preparing for its execution have posed unique issues, Derr noted. “The first challenge was being able to replicate the military-unique functionality that exists today in TDM. There was no way to do it in Voice over IP.”

So DoD, Nortel, Nokia Siemens and others worked together to develop a standard signaling protocol based on SIP for assured services. Traditional assured services provide multi-level precedence and priority where users can preempt and override phone calls in a TDM environment based on privilege class, Derr said. Assured services SIP does the same thing for military users.
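The precedence-and-preemption behavior described above can be modeled in a few lines; this is an added example, not code from the article or from any vendor it quotes. It assumes the SIP `Resource-Priority` header and the `dsn` namespace defined in RFC 4412, which the article does not name, and the `Link`, `Call` and `authorized_max` names are hypothetical.

```python
"""Toy model of precedence and preemption on a capacity-limited link."""
from dataclasses import dataclass, field

# Priority values of the "dsn" namespace in RFC 4412, lowest to highest.
DSN_LEVELS = ["routine", "priority", "immediate", "flash", "flash-override"]


def parse_resource_priority(header_value, authorized_max="routine"):
    """Map a Resource-Priority header value to a numeric precedence.

    Unknown namespaces or values fall back to routine, and a level above the
    caller's privilege class (authorized_max, a hypothetical per-user
    setting) is capped rather than trusted.
    """
    requested = 0
    for token in header_value.split(","):
        namespace, _, value = token.strip().lower().partition(".")
        if namespace == "dsn" and value in DSN_LEVELS:
            requested = max(requested, DSN_LEVELS.index(value))
    return min(requested, DSN_LEVELS.index(authorized_max))


@dataclass
class Call:
    call_id: str
    precedence: int


@dataclass
class Link:
    capacity: int
    active: list = field(default_factory=list)

    def admit(self, call):
        """Return (decision, preempted_call_id or None) for a new call."""
        if len(self.active) < self.capacity:
            self.active.append(call)
            return "admitted", None
        # Link is full: the candidate victim is the lowest-precedence active
        # call (the oldest one when several share that level).
        victim = min(self.active, key=lambda c: c.precedence)
        if victim.precedence >= call.precedence:
            return "rejected", None
        self.active.remove(victim)
        self.active.append(call)
        return "preempted", victim.call_id


# Constructed requests: (call id, Resource-Priority value, privilege class).
CONSTRUCTED_REQUESTS = [
    ("a", "dsn.routine", "routine"),
    ("b", "dsn.priority", "flash"),
    ("c", "dsn.flash", "flash"),
    ("d", "dsn.flash-override", "routine"),   # claims more than authorized
    ("e", "example.urgent", "flash"),         # namespace this model ignores
    ("f", "DSN.Immediate", "flash-override"), # matching is case-insensitive
]


def run_constructed_scenario(capacity=2):
    """Feed the constructed requests through a link with two channels."""
    link = Link(capacity)
    results = []
    for call_id, header, authorized_max in CONSTRUCTED_REQUESTS:
        level = parse_resource_priority(header, authorized_max)
        decision, preempted = link.admit(Call(call_id, level))
        results.append((call_id, decision, preempted))
    return results


if __name__ == "__main__":
    for row in run_constructed_scenario():
        print(row)
```

Call "d" shows why the precedence must be checked against the caller's privilege class before it reaches the admission logic: an unchecked header would let any endpoint preempt higher-precedence traffic.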

With that breakthrough, warfighters are poised to take advantage of things VoIP can do easily that old TDM networks could do only with difficulty.

For example, “Somebody could be out there on a very low-bandwidth satellite link and they are trying to report information back,” Derr offered. “Think of special operations forces on the edge. All they have is a low-bandwidth tactical link that they can set up once in a while. They send some information and have a quick conversation and then they have to move and ‘get out of Dodge’ and do something else so they don’t get caught. That’s the ultimate edge of the tactical network.

“Those guys want to have a single unified client where they can communicate in whatever means that their bandwidth and network connectivity will allow,” Derr stated.

The Nortel Application Server 5300 provides warfighters with a single client that can handle instant messaging, video, VoIP and other needs, thereby eliminating the need for multiple pieces of equipment to fulfill a single task of communicating forward information or providing situational awareness, Derr commented.

The Nokia Siemens Networks Nil NGN solution provides integrated voice, messaging, video and data transfer capabilities from the desk to the field and back, with assured services end to end.

In places where bandwidth isn’t an issue, for example at a major base, users can take advantage of readily available features such as instant messaging and Web collaboration within a robust environment, Derr added.

While all of these operations have gone very well to date, Derr acknowledged that there have been some challenges about security in the future as IPv6 takes root in defense networks. A number of things must occur for a secure transition to IPv6, but no agencies are receiving dedicated funding to budget for the transition.

“Nobody has an IPv6 transition budget to execute against, yet we keep having to develop and implement against the IPv6 RFCs that are out there in order to meet the JITC requirements,” Derr said.

DOD CALLING

A VoIP call requires a device to make that call, and developers such as General Dynamics have been stepping up to the plate to provide such phones. The Sectéra vIPer Universal Secure Phone is one of the top performers in VoIP communication devices.

“One of its distinguishing factors is that in addition to Voice over IP, it acts as a universal phone. As organizations migrate to Voice over IP, they also have the capability to operate on the conventional PSTN network with a single phone. The user can convert the device over to Voice over IP when their organization converts to Voice over IP,” said Tom Liggett, business area manager for voice products at the Information Assurance Division of General Dynamics.

The vIPer phone has the latest National Security Agency Type-1 cryptography in it, which makes it a superior option to legacy devices like the STU-3 phone, Liggett said.

Indeed, as NSA continues to push forward with enhanced cryptography standards, Liggett noted, vIPer can implement upgrades to those standards easily as it makes use of software-based cryptography.

vIPer also ensures interoperability with other communications devices on various networks, Liggett said. The phone interoperates with secure terminal equipment (STE) products, general cellular networks, and the Sectéra Edge secure smartphone, among other devices. And it does so with the highest security standards.

“The vIPer phone provides end-to-end secure communications, which is a unique capability,” Liggett noted. “The voice conversation is completely encrypted from one end-device to another device. There are certain enclaves within the Defense Red Switch Network right now where that’s not the case. You might have an enclave of cleared telephones, and you might encrypt a link between your building and another building, but there is still a portion of that path where the voice communication is not encrypted. With the vIPer, you get complete encryption from end to end, so it allows another layer of security.”

General Dynamics also focused a lot on voice quality in the development of its vIPer phone, Liggett said. That’s particularly important to tactical warfighters in low-bandwidth environments.

“These devices go into a lot of environments where they might be ultimately operating over a SATCOM link or low-bandwidth links. There are a lot of aspects of the design that we went through to ensure good voice quality over these tactical networks,” he commented.

The vIPer phone is also SIP-capable, making it ready for use over the VoIP switches to be deployed on the DSN, Liggett observed. General Dynamics is participating in the interoperability testing to ensure reliable communications over the new switches.

Once the VoIP switches have been rolled out, all military agencies can take advantage of cost savings associated with VoIP, Liggett said.

“Currently, networks are somewhat mixed. With analog phones in an organization, a different organization is typically maintaining your phone system than your computer network. One of the big advantages with Voice over IP for both clear communications and secure communications is that you can now have a single IT organization that administers your entire network,” Liggett stated.

“As you add the security overlay into that, you can expand that network into secure areas and take advantage of the cost savings of Voice over IP,” he concluded.


Encyclopedia of Security

TECHNICAL GUIDES AND STANDARDS HELP AGENCIES PROTECT DEFENSE NETWORKS, AND COMPANIES ARE EAGER TO ASSIST WITH COMPLIANCE.

BY PETER BUXBAUM

MIT CORRESPONDENT

In the ongoing battle to protect Department of Defense networks, one of the bulwarks is a set of security standards and guidance documents that collectively could be called an “encyclopedia of security”—the Security Technical Implementation Guides (STIGs) developed by the Defense Information Systems Agency (DISA).

In a nutshell, DISA STIGs are the configuration standards for hardening DoD information systems and devices. There are STIGs on dozens of information system and networking components and on thousands of vulnerabilities, covering topics from application security, biometrics, databases and desktop applications to enterprise resource planning, instant messaging, network infrastructure, operating systems and wireless communications.

Complying and tracking compliance with STIGs can be a daunting task for defense organizations, however. In response, a number of companies have stepped forward to offer products and services that can help agencies stay on top of these demanding but essential tasks.

The STIGs are released under the authority of DoD Directive 8500.1, which requires that “all information assurance and IA-enabled IT products incorporated into DoD information systems shall be configured in accordance with DoD approved security configuration guidelines.” The directive tasks DISA to “develop and provide security configuration guidance for IA and IA-enabled IT products in coordination with the director of National Security Agency.”

“The DISA STIGs are key to establishing a repeatable secure baseline for defense and industry computing devices and applications,” said Colin Corlett, president of Excentium, which provides information assurance management services. “Initially, STIGs were available only for standard operating systems and databases. Recently DISA has focused its attention on developing standard guidance to establish baseline security for applications.”

“STIGs reflect DISA’s desire to provide prescriptive guidance on how to use common COTS software and configure it to remove the default settings and move to a higher level of security,” said Sean Sherman, a senior compliance architect at Tripwire, which provides configuration control services. “The STIGs provide the nuts and bolts on how to check configuration settings. DoD has so many systems in the field, and their users need consistent security advice.”

The STIGs are increasingly seen as the gold standard for information system security and have been gaining momentum outside of DoD, both in the private and public sectors. “Organizations trying to get government contracts often need to comply with the STIGs just to get a foot in the door of federal agencies,” said Tom Bain, manager for marketing and corporate communications at Application Security, a provider of database security solutions.

State government agencies are also starting to get into the act. “The state of Alabama uses a number of DISA STIGs as the basis for their own statewide IT security policies and standards,” said Tony Pompliano, chief executive officer of Refense Technologies, a provider of vulnerability and compliance management solutions. “We expect this trend to continue throughout government and private enterprise.”

DISA has found the STIGs to have been well accepted. “For the most part, the feedback has been very good,” said Terry Sherald, chief of the agency’s information assurance standards branch. “Systems administrators like the STIGs, they want to use them, and they see their value. When we are developing or updating a STIG, we allow the community to comment after we have written a draft.”

“There is a need being satisfied here,” added William Keely, DISA director of field security operations. “The STIGs give systems administrators some level of assurance that they are doing the right thing even if they do not always agree with the STIG in every detail.”

BEYOND MANUAL

Not surprisingly, the process of evaluating operating systems, databases, Web servers and applications can become unwieldy with manual methods alone. “Although manual methods are still key to a complete security evaluation,” said Corlett, “automated tools have become necessary in today’s world of fast-paced and agile development.”

There are a number of tools available on the market today that automate what was traditionally a manual auditing process to verify compliance with various STIG and other standards. “When an engineer is tasked with verifying that a network device is properly configured according to a security standard, he has to manually log in to that device and look at the configuration field to confirm that it is configured in the way the STIG requires,” explained Pompliano. “That manual process can take a well-skilled engineer an hour or two per device. Not only is this labor intensive, but it is also difficult to achieve a high degree of accuracy because people doing the audits are the same people who configured the device to begin with.”

One of the products Excentium uses to evaluate the security baseline and STIG compliance of database applications is Application Security’s AppDetective product. “The product incorporates the configuration requirements identified in the database STIG,” said Corlett. “By using this product we have been able to reduce the evaluation time from a minimum of one day to a couple of hours.”

DISA’s database STIG requires an in-depth review of users, roles and privilege assignments, and mandates a process to approve those privileges. Application Security helps organizations comply with the database STIG and the specific requirements provided for Microsoft SQL Server, Oracle and IBM DB2.

“Manually assessing the security posture of a database is a complex task that requires expertise and significant resources,” said Josh Shaul, the company’s vice president for product management. “Manually measuring and demonstrating compliance with industry and government regulations is even more difficult.”

The Application Security product works “by scanning the target database for vulnerabilities and misconfigurations, and then providing reports on the findings,” explained Shaul. “AppDetectivePro contains scan policies, or templates, specifically for the DISA STIG. The findings generated from the scan are presented in a format that makes it easy for organizations to assert compliance with the STIG.”

The operating system STIG sets requirements for such things as access control, file permission, user accounts, and session management. Trusted Computer Solutions provides software that assesses compliance with the STIG and provides fixes for operating systems such as Linux, UNIX and Solaris.

“Operating systems like Linux and UNIX have evolved tremendously in the last 30 years to include a myriad of configuration fields,” said Jamie Adams, a senior secure systems engineer at Trusted Computer Solutions.

“There are 340 line items in the UNIX STIG alone,” added Sherryl Dorch, vice president of marketing at Trusted Computer. “The default settings for Red Hat Linux 5.2 show 54 discrepancy indicators with respect to the STIG, many of them significant. It would take a system administrator a lot of time to get in there and maintain the level of security required by the STIG.”

“The STIG and checklist don’t always tell you how to configure the system in compliance with the STIG,” said Adams, “so you then have to dig into research to find out how to do that.” Trusted Computer’s Security Blanket product automates both the compliance assessment and the proper configuration of the system.

The network infrastructure STIG is designed to assist in meeting the minimum requirements, standards, controls and options that must be in place for secure network operations. The document includes sections providing the minimum requirements for enclave perimeters, firewalls, routers, device management, authentication, authorization and accounting, passwords, network intrusion detection, switches and virtual local area networks.

Tripwire’s network infrastructure product works by installing a software agent on each device, rather than on switchers and routers, explained Sherman. “The software makes sure that the STIG requirements are complied with,” he said, “such as making sure that passwords are of the required length and that users are locked out after entering three incorrect passwords.” Switchers and routers are monitored by the Tripwire product from servers.

Running Tripwire first generates a report on changes on the system. It checks configurations of devices against the relevant DISA STIG checklist and generates a report showing “whether you are compliant with the STIG or how far off you are from compliance,” said Sherman.

“DISA STIGs, along with VMware virtualization, are helping to provide a reliable and predictable set of processes and tools to efficiently and effectively manage DoD IT environments,” said David Hunter, chief technology officer for VMware Public Sector. “Starting with virtual machine images whose base operating systems and applications have been configured and validated to STIG requirements, administrators can simply deploy new VMs as required, using a standard master image.

“VMware enables these master images to be modified as STIG requirements change, and then transparently deployed to end-users. Inventory management control and deployment applications such as vCenter Lab Manager and Stage Manager environments can keep track of which VMs are deployed where and to which STIG version they comply. This can easily be done by using standards such as the DMTF’s Open Virtualization Format to ensure compatibility across multiple virtualized environments,” Hunter added.

VULNERABILITY MANAGEMENT

The Refense VMS (vulnerability management solution) also assists in complying with the DISA network infrastructure STIG by comparing the configuration of network devices against the security policies detailed in the STIG and isolating misconfigurations and known vulnerabilities.

“Refense VMS mimics the tasks performed by an information assurance officer,” said Pompliano. “The solution includes a level of intelligence that is basically akin to human auditors. The process takes a few seconds for each device instead of an hour or two if done manually.”

For example, Refense audits compliance against STIG requirements for routers. “The DISA STIG requires complex checking that if done manually would take some time and would be prone to high error rates,” said Pompliano.

One STIG specification for routers requires that the router administrator restrict the premise router—the router connected to the upstream network provider—from accepting any inbound IP packets having a source field from BOGON or Martian IP addresses. “These BOGON and Martian lists are maintained to track unallocated or reserved IP address space,” explained Pompliano. “Router administrators would have to check this list and compare the IP address space with their access control lists on their premise routers to ensure that the access control lists match the current list.”

Another router requirement is for information assurance officers to ensure that denied attempts to any port, protocol or service are logged. “This would require that the information assurance officer or network administrator check every line of every access control list to ensure that logging is enabled for that entry,” said Pompliano. “If the devices have hundreds or even thousands of entries on the access control list, this can take some time to complete.”

In addition, Refense can also analyze firewall rules to ensure a particular rule is in place to block an IP range that is prohibited access to DoD computers and systems. “There are multiple STIG requirements that network managers restrict RFC 1918 IP addresses on the network,” said Pompliano. “An engineer would need to review all firewall rules and access control lists to ensure that statements are present that block these IP addresses.”

RFC 1918 IP addresses are those that have been designated for private use.
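The manual router checks described above (logging enabled on every deny entry, and deny statements covering RFC 1918 or bogon source ranges) can be expressed as a short audit script. This is an added example, not code from the article or from any product it names; the Cisco IOS-style ACL text, the ACL name and the function names are constructed for illustration, and a current bogon list can be passed in place of the RFC 1918 default.

```python
import ipaddress

# RFC 1918 private ranges; pass a current bogon list instead to audit that check.
RFC1918 = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
ANY = ipaddress.ip_network("0.0.0.0/0")
PORT_OPS = {"eq": 2, "neq": 2, "gt": 2, "lt": 2, "range": 3}

# Constructed sample in Cisco IOS extended-ACL syntax (not from a real device).
SAMPLE_ACL = """\
ip access-list extended INBOUND-EXAMPLE
 deny   ip 10.0.0.0 0.255.255.255 any log
 deny   ip 172.16.0.0 0.15.255.255 any
 permit tcp any host 198.51.100.10 eq 443
 deny   ip 192.168.0.0 0.0.255.255 any log
 deny   ip any any log
"""


def wildcard_to_network(addr, wildcard):
    """Turn 'address wildcard' into a network, or None if the wildcard
    mask is non-contiguous and cannot be written as a prefix."""
    netmask = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard))
    prefix = bin(netmask).count("1")
    if netmask != (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF:
        return None
    return ipaddress.IPv4Network((addr, prefix), strict=False)


def take_address(tokens):
    """Consume one address spec: 'any', 'host A.B.C.D' or 'A.B.C.D wildcard'."""
    if tokens[0] == "any":
        return ANY, tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    return wildcard_to_network(tokens[0], tokens[1]), tokens[2:]


def parse_acl(text):
    """Return (entries, unparsed_line_numbers) for the permit/deny lines."""
    entries, unparsed = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        tok = raw.split()
        if tok[:1] == ["access-list"]:          # numbered-ACL form
            tok = tok[2:]
        elif tok and tok[0].isdigit():          # sequence number prefix
            tok = tok[1:]
        if len(tok) < 2 or tok[0] not in ("permit", "deny"):
            continue                            # header, remark or blank line
        try:
            src, rest = take_address(tok[2:])
            if rest and rest[0] in PORT_OPS:    # optional source-port clause
                rest = rest[PORT_OPS[rest[0]]:]
            dst, rest = take_address(rest)
        except (ValueError, IndexError):
            src = dst = None
        if src is None or dst is None:
            unparsed.append(lineno)             # needs a human to look at it
            continue
        entries.append({"line": lineno, "action": tok[0], "proto": tok[1],
                        "src": src, "dst": dst,
                        "log": "log" in rest or "log-input" in rest})
    return entries, unparsed


def range_status(entries, block):
    """First-match evaluation for traffic sourced from `block`."""
    for e in entries:
        if not e["src"].overlaps(block):
            continue
        if e["action"] == "permit":
            return ("permitted", e["line"])     # some traffic passes before a full deny
        if e["proto"] == "ip" and e["dst"] == ANY and block.subnet_of(e["src"]):
            return ("blocked", e["line"])
    return ("missing", None)


def audit(text, required_blocks=RFC1918):
    """Report deny entries lacking logging and the status of each required block."""
    entries, unparsed = parse_acl(text)
    return {
        "unparsed": unparsed,
        "deny_without_log": [e["line"] for e in entries
                             if e["action"] == "deny" and not e["log"]],
        "ranges": {str(b): range_status(entries, ipaddress.ip_network(b))
                   for b in required_blocks},
    }


if __name__ == "__main__":
    report = audit(SAMPLE_ACL)
    print("deny entries without logging:", report["deny_without_log"])
    for block, (status, line) in report["ranges"].items():
        print(f"{block:<16} {status} (line {line})")
```

In the sample, the 192.168.0.0/16 deny exists but sits below a permit whose source is `any`, so a check that only searches for the deny statement would pass while first-match evaluation does not.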

In addition to these STIG-compliance activities, Refense can also scan networks for newly announced vulnerabilities. “With each of these examples, Refense not only completes the audit task much more quickly than a human could, but also does so with greater accuracy,” said Pompliano. “In large organizations such as military branches that have tens of thousands of network devices deployed, searching out these vulnerabilities and ascertaining configuration postures would otherwise be akin to looking for a needle in a haystack.”

MOBILE GUIDES

DISA’s STIG for Windows Mobile Messaging, which provides guidelines for DoD for the installation, configuration and operation of non-BlackBerry mobile e-mail systems, was recently updated to include device support for Microsoft Windows Mobile 6.0. Requirements in the STIG include standards for Bluetooth security, authenticated login procedures, and standards for required actions in case of the loss of the device.

Trust Digital, a company that provides mobile phone security products and services, has developed mobility management software specified for compliance with the wireless STIG. In addition, Trust Digital’s Bluetooth smart card reader, which enables access to mobile devices using the DoD common access card, was also recently certified for two-factor authentication.

Developing a STIG for Windows-based smartphones allowed DoD a secure alternative to the formerly exclusive use of BlackBerry devices within the department for mobile e-mail and messaging applications, according to David Goldschlag, Trust Digital’s executive vice president for corporate strategy and technology.

“What DoD needed was a system that would provide enterprise control and visibility,” Goldschlag said. “Because there is no third-party network operations center,” as is the case with BlackBerry messaging, “and messages stay within a native network operations center, classified message incidents are mitigated, giving DoD and other federal agencies tighter control of information, as well as enhanced auditing capabilities.”

The STIG for mobile devices provided guidance on how to deploy and use mobile Windows devices. “What the STIG did is to provide a blueprint for DoD buyers. It goes to a level of detail on what implementation of smartphones looks like and how they are to be configured,” said Goldschlag.

Among other things, the STIG requires that only phones with up-to-date software and operated by the authorized individual be allowed access to the network. It also provides standards for synchronizing the e-mail available on smartphones with the command’s Exchange e-mail server. “One of the required components is the Trust Digital mobile security management system,” said Goldschlag.

The tools used to help organizations comply with the STIGs are designed to evaluate compliance and diagnose problems, but not to fix them with the application of software. DISA does issue software fixes aimed to do just that. Tripwire’s Sherman cautions against jumping to actually running those scripts, however.

“The DISA utilities can be used to harden a server for you,” he said, “but in the real world the STIG is a baseline prescriptive standard.”

The reality of information systems is that they are complex, and configuring a server by running a DISA script could have unintended consequences. “It is possible to configure an operating system so that applications won’t run,” said Sherman. “If you blankly apply the scripts as produced by DISA you might find yourself in an uncomfortable position. Our product goes in and checks server systems to see if it matches what the DISA checklists prescribe. That is where our product makes its play.”

Trusted Computer Solutions takes a different approach, by also providing the fix to the operating system configuration problems it covers. “From feedback from customers, we understand that they want to know exactly what we are fixing,” said Adams. “Our product provides them with that information.”

But Adams agreed with Sherman that the impact of the STIG fixes on applications is unknown, until they are actually tested. That is why the Trusted Computer product comes equipped with an “undo” function that restores all the configuration fields and values to where they were before. “If you can’t get your applications to work with the STIG configurations, you have to apply for a waiver,” Adams noted.

From DISA’s perspective, the STIGs have made their marks and will continue to do so. “They have become the foundation to a lot of security processes within DoD,” said Keely. “They are foundational to our operations, and their importance continues to increase.”

The only current tools that DoD and DISA develop to automate the remediation of vulnerabilities are the Gold Disk and SCRI. In both cases there is published guidance encouraging the users to validate remediations in a lab environment prior to applying fixes to production systems.

ACCESS CONTROL

The STIG addressing network access control (NAC) provides processes for identifying, authenticating and authorizing access to protected assets and presents a methodology for selecting and integrating access control solutions. The key feature of the NAC STIG is a multilayer approach that places great emphasis on controlling traffic at switch ports internal to the network rather than on perimeter control.

ForeScout Technologies offers a product called CounterACT CT-1000 to address the requirements for port-based access control outlined in this STIG. CounterACT is the only approved network access control solution on the U.S. Army Information Assurance Approved Products List.

CounterACT is a switch-agnostic network appliance that provides real-time visibility and control over port-based access requests. It addresses the key criteria of the STIG, verifying that both the computer and the user have authorized access and that the computer configuration is compliant with security standards.

“When a device connects to the network, CounterACT will see and identify the device and the user,” explained Don Byrne, ForeScout’s federal director. “It will determine if the device is properly patched, whether its anti-virus is up to date and whether it is otherwise compliant with requirements.”

If CounterACT identifies a problem with a device, the system administrator can take appropriate action: update the anti-virus software, integrate with a patch management solution, or issue a command to shut down the switch port to prevent an unauthorized access to the network.

CounterACT works whether or not a network has implemented Protocol 802.1x, a network access standard promulgated by the IEEE. Few DoD systems have implemented this protocol, Byrne noted, although other network access solutions require 802.1x compliance in order to work.

“The requirement that the DISA STIG identifies is basically two-fold,” added Steve Cooper, a former chief information officer of the Department of Homeland Security who is currently a partner and founding member of Strativest. “First it says, ‘Network ports should be both physically and logically secured to prevent unauthorized access to the DoD enclave.’ It goes on to say, ‘Both unclassified and classified networks require the implementation of a logical network port security solution.’

“Basically the requirement says device access must be controlled at the switch port. Not all NAC solutions are alike, so you need to be sure that if you are implementing an NAC solution, it meets this fundamental requirement outlined in the STIG,” Cooper said. ✯


STIGs for the Future

What kinds of Security Technical Implementation Guides (STIGs) are we likely to see in the future? As technology continues to develop, the Defense Information Systems Agency (DISA) plans on issuing STIGs to cover new technologies.

Virtualization of everything from data centers to operations centers to applications will require the development of a new STIG to cover those, according to Dave Hoon, a contractor supporting the DISA IA standards branch for EDS, an HP company.

A STIG covering virtualization, streaming technologies and cloud computing will likely be “the thrust of DISA’s efforts in 2010 and 2011,” he said.

“We also need to look at platforms that provide applications as a service,” he added. “As data is increasingly stored in virtualized environments, we need to develop requirements for the separation, storage and transport of data as well as for access controls. We need to make sure that the commercial entities providing these services meet the same requirements as DoD in their own environments.”

Many of these requirements are already addressed in existing STIGs, such as the one addressing network infrastructure, but, as William Keely, DISA’s director of field security operations, noted, the increasing utilization and complexity of virtualized environments makes it necessary to refine the requirements and bring them together in a single document.

DOD LOOKS TO COMMERCIAL X-BAND SATELLITE COMMUNICATIONS TO SUPPLEMENT THE MILSATCOM FLEET.

BY ADAM BADDELEY

MIT CORRESPONDENT

As the U.S. defense and intelligence community have substantially increased their reliance on commercial satellite related services in recent years, the supply of commercial C- and Ku-band space segment has gone from plentiful to severely constrained. This has sparked new interest in commercial X-band and Ka-band coverage as a better approach to supplementing the MILSATCOM fleet.

“The global Ku- and C-band markets have become very expensive, and there is now substantial interference in those bands affecting our government customers. That is why CapRock started to look at X-band and Ka-band as viable options for meeting our customers’ requirements,” explained David Cavossa, vice president of operations at CapRock Government Solutions.

This prompted CapRock to sign a multi-year, multi-transponder agreement last December with commercial X-band provider XTAR. “That deal was the largest U.S. sale in commercial X-band,” Cavossa explained. “In March, we announced that we had signed up customers from the intelligence community and from the Department of Defense. We’ve got additional customers in the pipeline who will start moving toward X-band this year or next.”

The contracts referred to by Cavossa were multimillion-dollar agreements to provide more than 200 MHz of commercial X-band satellite services to two U.S. government agencies. The satellite services will utilize the XTAR-EUR and XTAR-LANT satellites, which are reserved exclusively for government and military applications.

The contracts represented two of the largest single awards of commercial X-band satellite services, and came just two months after CapRock’s government solutions division unveiled the industry’s first commercial X-band managed service offering. To support the missions of its government clients, the company has made significant investments in X-band teleport infrastructure and satellite capacity, signing a strategic agreement with XTAR that includes multiple transponders on its X-band fleet.

A number of factors have led DoD to increase its take-up of this SATCOM frequency, Cavossa said. “Until recently, X-band was considered too expensive. I’ve seen the price for Ku-band as high as $8,000 per MHz, but X-band is more competitively priced. The supply rates on global Ku-band are in the high 80s or low 90s, so there is very little Ku-band available. With so many users packed into such a small amount of space, the price gets driven up and there is limited flexibility and availability.”

X-band has a number of inherent advantages, noted Andrew Stanniland, business development director for Paradigm Secure Communications, which provides such services for NATO and recently began offering capability to the U.S. DoD. “X-band is very useful for a number of reasons,” he said. “There are many X-band terminals out there, and once you have them you want to use them. They are also very expensive to buy compared to the nearest equivalents in the commercial world, which is an incentive for people not to switch frequencies unless they absolutely have to.

“Also, you don’t have to retrain personnel because they have used the kit already. And because there are fewer X-band users around the world, even if you don’t have a hardened military satellite, you get some level of protection just through the rarity of it, which is interesting to the military user,” Stanniland added.

Using the available X-band bandwidth is dependent upon having terminals on the ground. [Photo courtesy of L-3 Communications]

Two constellations of satellites are providing commercial X-band satellite communications to the U.S. government. [Images courtesy of XTAR, Paradigm Secure Communications]

SATELLITE ALLIANCE

U.S.-based XTAR is one of two companies offering commercial FSS X-band to the U.S. government. It is owned by Loral Space and Communications and a Spanish company, Hispasat, at a 56:44 ratio. Two satellites are in the constellation. One is owned by XTAR and the other is Spanish-owned, with XTAR owning an independent payload on it.

“As a commercial provider of X-band, we like to be thought of and to be treated like any other commercial provider, whether it is Ka, Ku, L, S or any other band,” said Denis Curtin, XTAR chief operating officer. “We have coverage from Denver, east to Indonesia with dual coverage of Africa, Europe and the Middle East. We have excellent coverage of Afghanistan, Pakistan and those areas of interest today.

“We are providing services both to U.S. government departments, including DoD and other agencies, and a variety of ministries of defense and other government agencies in Europe. It shouldn’t be any surprise that the majority of take-up has been within Southwest Asia and the Middle East, and we are now seeing take-up in support of endeavors within Africa,” he added.

Expansion of coverage is constantly under review, which could allow XTAR users to use the service throughout the Pacific area. “Right now our inclination is to offer a hosted payload, as opposed to another owned satellite,” said Bill Schmidt, the company’s vice president of government services. “We think it gives us more flexibility to meet the individual needs of our customer.”

All military government traffic has to have end-to-end encryption. In addressing military requirements for further protection for the service, Schmidt said, “The commercial satellite fleet may not be as robust as military communications in the sense of nuclear or EMI hardening, but the commercial operators are just as concerned about security and maintaining control of their security as is the government. XTAR has gone above and beyond, in that our control systems utilize the National Security Agency-approved, Caribou-level encryption scheme to ensure that those control links are more robust.”

A commercial network also provides security through diversity, Curtin explained. “It is very difficult to knock out a commercial system because there are so many. There are too many targets to take them all out. That diversity also gives you alternate resources, so if one satellite were taken, that traffic could be moved to another satellite. DoD feels this is a real advantage, and they have said that.”

Other XTAR satellite features have advanced to meet more demanding military requirements, notably use of the high power 72 MHz transponders offering double that typically found on commercial satellites, which allow the user community to transmit large amounts of data from relatively small terminals. Steerable spot beams on board also allow for even greater concentration of that power.

The U.S. Defense Information Systems Agency (DISA) and Department of State have their own Teleport site for XTAR use. XTAR is currently on the cusp of deciding on the location of two Teleport sites in Europe.

One near-term objective in the United States is inclusion in the Navy’s Commercial Broadband Satellite Program (CBSP), the replacement for the current Commercial Wideband Satellite Program (CWSP) contract. Through this, SPAWAR will procure commercial capacity and other services on an ID/IQ basis. The space segment comprises C, Ka and Ku SATCOM, but unlike CWSP, the new program will also include X-band as part of the solution.

“We view that as a very positive step and an acknowledgement that commercial X-band has a similar role to the other commercial bands in helping DoD, and in this case the Navy, meet mission requirements,” Schmidt said. “We are not submitting a response as a prime contractor, but we have provided support to all the prime teams that requested X-band. The Navy anticipates making an announcement soon.”

Looking to the future, Curtin believes government demand for an end-to-end managed service offering in which X-band will be used is growing, “We are working with a number of companies to establish that kind of service. We see it as a real value added to the user in the sense that the user can focus on their core mission and the communi-cation provider will focus on what their mission is, and that is to provide these communications links when and where they are required.”

SKYNET CONSTELLATION

Paradigm is responsible for managing the Skynet 5 constellation, which has been used for several years by U.K. armed forces, several NATO allies and NATO itself. Earlier this year, it began supplying UHF and X-band bandwidth to DoD on a commercial basis. The six-satellite Skynet constellation (three Skynet 4 satel-lites and three Skynet 5 satellites) provides overlapping coverage that begins in the Midwest and extends east-ward to cover Japan and most of Australia.

“We have X-band capacity for sale in all the military hotspots where people are currently deployed, and it is all NATO standard X-band,” said Stanniland. “Because of the way the U.S. and U.K. MILSATCOM systems have evolved, the U.S. doesn’t have anything quite like Skynet 5. U.S.-protected services are supported at EHF, and the workhorse for communications is the Wideband Global SATCOM (WGS) program.

“Skynet 5 is halfway between the two,” Stanniland continued. “It provides protected, survivable X-band for both protected communications and for high bandwidth communications. Although this has arisen because the U.K. doesn’t have access to its own EHF capacity, this means that the Skynet 5 X-band effectively sits within a very attractive ‘capability niche’ for the U.S. military user.

“Each of our 15 transponders (per satellite) is connected to a 160W amplifier,” he continued. “Since we deliberately built Skynet 5 with narrower bandwidth transponders than commercial satellites—20 MHz to 40 MHz—our power can be concentrated into a single transponder, which is ideal for users with small ground terminals.”

Stanniland explained other beneficial features of Skynet. “Operational flexibility is the most important attribute you can give to the military communicator, and this is most easily seen on a geographical basis. We can shape and steer all the uplink spot beams on each Skynet 5 satellite. We can use the same beam to generate up to seven hot spots within a single spot beam. That allows us to shape beams around a country or region. We can even shape the beam to the same size and shape as the coast of Africa.


“We can put a hot spot over Iraq and a hot spot over Afghanistan in the same beam but include no intervening countries,” he continued. “Because of the way we designed Skynet 5 for the military operational requirement, we can switch the same channel to a different shape that does include intervening countries in a matter of minutes if it is pre-programmed ahead of time.”

Skynet 5’s X-band bandwidth is already being supplied through DISA via the DISN Satellite Transmission Services-Global (DSTS-G) program, under a multi-year contract that will run at least until 2011. (See MIT, June 2009, page 9.)

To meet U.S. demand, Paradigm has signed basic ordering arrangements, rather than partnering or distribution agreements, with a number of suppliers to the three DSTS-G primes.

“This means that when they need something quickly, they can fill out an order form without having to also spend the time needed to negotiate terms,” Stanniland said. “That change has happened this year. Now they can go out and buy X-band from us, which they couldn’t before. Today we roughly provide 150 MHz to the U.S. under DSTS-G, through agreements with Intelsat General and DRS Technologies, with options for more.”

In addition to X-band, Paradigm has also supplied UHF from Skynet 5 to the U.S. Navy since the start of the year, also through Intelsat General.

GROUND SUPPORT

Using the available X-band bandwidth is dependent upon having terminals on the ground. L-3’s Microwave Group (L-3 MG) and L-3 Communications Systems West (L-3 CSW) have been supplying the DoD terminals to support this frequency on an ongoing basis, and in most cases offering multi-band solutions.

“Focusing on the ground tactical SATCOM market, we have a number of products,” explained Mark Rayner, vice president of business development for L-3 MG.

These include 0.45-meter and 0.5-m aperture communications on-the-move (COTM) antenna and terminal solutions, with L-3 Datron’s FSS-4180LP and FSS-4180LC, and L-3 Linkabit’s TRM-1000 terminal. In addition, there are the 3.9-m tactical SATCOM systems called Lightweight Medium Aperture Antenna (LMAA)—OE-593F.

The latter are generally used as hubs, deployed quickly to theater to provide backbone communications and operate in C, X, Ku and Ka. Apertures as small as 2.4 m can also be used in this role, and the Air Force has acquired such terminals in quad band under the Ground Multiband Terminal (GMT)-AN/TSC-179 program.

“These systems are all transit-case-based systems, unlike what you typically see with a HMMWV shelter-mounted 1.6-m or 2.4-m terminal, like the ‘pop up’ configuration for the quad band Phoenix terminals supplied by L-3 CSW and provided to the Army,” Rayner said.

By opting for a transit case over trailer-based solutions, significant weight and volume savings are possible for shipping, Rayner noted. “We provide a system that is less than half the weight of the trailer-mounted 4.9-m Lightweight High Gain X-band Antenna, which is being used by the Army.”

Opting for new or additional frequencies makes things more complex for terminal designers, Rayner said. “With Ku band, the highest frequency is 15 GHz. With Ka band, the highest frequency is 30 GHz, so Ka’s beamwidth is half that of Ku. The result is that terminal designers face difficult design challenges to ensure antenna stiffness to reject wind distortion.”

In contrast, on the X-band side, which is about half the frequency of Ku band, wind isn’t as much of a problem. Instead, the frequency presents RF interference issues related to Passive Inter Modulation (PIM) performance, which impact the design of the reflectors and the feeder/RF electronics.

Quad band provides considerable flexibility, but not all users need all four bands nor want to pay the inevitable premium. To meet user requirements for a modular system that allows users to increase or reduce the number of bands covered, L-3 GCS recently introduced the Hawkeye III, a modular design to handle C, X, Ku and Ka independently or in combination.

“We have kept the same positioner and base structure, but offer different reflectors and amplifier sizes for different power outputs,” Rayner said. “Someone could buy an X-band terminal right out of the chute but may not want Ka band. They could potentially buy the C-band and two years down the road, buy the extra pieces that would allow them to do X-band. It’s a modular product line.”

WIDEBAND GLOBAL

Despite the growing interest, commercial X-band is still more a support to the bulk of military X-band communications. That is the responsibility of the Air Force WGS program, which provides both X-band and Ka-band communications support to DoD.

The WGS constellation is designed to be backward compatible with existing X-band terminals that operate with the predecessor Defense Satellite Communications System (DSCS). Each of the new satellites has more than four times the X-band bandwidth of a DSCS III (1715 vs. 405 MHz) and also takes advantage of spatial frequency reuse to utilize the increased bandwidth. WGS X-band communications are provided primarily by transmit-and-receive phased arrays, with each array forming eight independent shapeable and steerable beams to enable high gain coverage.

The WGS program, for which Boeing is the prime contractor, is currently made up of two blocks of satellites. Block I consists of three satellites, including WGS-1, which was launched in 2007 and is currently supporting DoD communications in Pacific AOR. WGS-2 was launched in April 2009, completing in-orbit testing to verify functionality in June. It was turned over soon after to the government, which has begun testing to characterize payload from an operational perspective.

WGS-2 is planned to be moved over the Indian Ocean, where it will support communications for both Operation Enduring Freedom in Afghanistan and Operation Iraqi Freedom in Iraq. WGS-3 is in final preparations for launch, which is currently scheduled for September.

Block II WGS consists of a further three satellites. WGS-4 is in the integration and testing process; WGS-5 is beginning the integration of the payload portion of the satellite; and WGS-6 is building and delivering electronic units that go into the satellite.

There are some significant technical differences between the two blocks, such as Block II’s use of two “bypass” channels at Ka-band, which are capable of supporting the higher data rate needs of airborne ISR platforms such as Global Hawk and Predator. DoD and the Air Force are currently considering extending the WGS program beyond the current six satellites.


During the largest-ever demonstration of its kind, the Wideband Networking Waveform (WNW)—a critical capability of the Joint Tactical Radio System (JTRS)—effectively networked 30 mobile nodes and shared data and video across multiple sub-networks in a challenging forested and residential environment. The June 2009 demonstration for senior government officials took place at the Space and Naval Warfare Systems Center Atlantic in Charleston, S.C.

“JTRS is no longer just in graphs on PowerPoint demonstrations,” said Howard Pace, deputy program executive officer for JTRS. “We’ve now demonstrated that the Wideband Networking Waveform capability successfully scales to 30 nodes with all the nets and subnets. It’s working and working well.”

The demonstration showed how, when fielded, the software-defined radio waveform can overcome many of the mobile networking challenges soldiers face on the battlefield. Today’s forces use a variety of unique voice and data waveforms to communicate with each other or with modern Internet Protocol-based networks. These specialized systems can make it difficult to communicate between joint forces.

WNW solves that communication challenge. A networking waveform that enables connections between vehicles, planes and ships utilizing mobile networking technologies, WNW offers the ability to transit more information with greater security and provide new capabilities to seamlessly route and retransmit information. The waveform can transfer information of different classifications over the same wireless network.

“We are on track to meet joint warfighter requirements to provide a flexible and pervasive networking capability to address the challenges of modern battlefields,” said Navy Captain Jeffrey Hoyle, program manager, JTRS Network Enterprise Domain (NED). “The demonstration location offered significant opportunities to evaluate multi-path propagation effects in heavily forested terrain and marsh.

“During the demonstration, WNW performed as expected, and we were able to validate laboratory performance improvements from recent waveform algorithm enhancements in the field,” added Hoyle. “The ability to integrate waveform enhancements rapidly while testing in the field [three times in as many weeks] thoroughly demonstrated a significant advantage that JTRS provides—the ability to upgrade warfighter communications and networking capability while deployed through software-only updates in fielded radios.”

Performance results measured during this demonstration indicate a significant new networking capability that will continue to improve as the data collected are thoroughly analyzed to enable additional waveform software upgrades, as well as through processor and power amplifier improvements inherent with the improved JTRS Ground Mobile Radio (GMR) engineering development model hardware being delivered now and the airborne/maritime/fixed station hardware in the future.

“The ability to expand and contract the network while soldiers are mobile is a mission-critical capability,” added Ralph Moslener, Boeing program director, JTRS GMR and NED. Boeing is developing the WNW for JTRS NED.

“The demonstration proved that WNW will seamlessly connect soldiers and commanders so that they can trade real-time information and have greater situational awareness than ever before,” Moslener said.

“The demonstration of the Wideband Networking Waveform capability is an important accomplishment,” added Hoyle. “This capability has now been successfully demonstrated in a field environment, and we can leverage it as other JTRS systems are developed and implemented.”

Waveform Meets the Test

JTRS SUCCESSFULLY DEMONSTRATES WIDEBAND NETWORKING WAVEFORM CAPABILITIES.

A military vehicle operates the WNW on a JTRS ground mobile radio in Navy housing at Naval Weapons Station, Charleston as part of the demonstration at Space and Naval Warfare Systems Center Atlantic. [Photo courtesy of Joint Program Executive Office JTRS]

The WNW, operating on a JTRS ground mobile radio in a heavily forested suburban environment, demonstrated its validated design and tactical utility in tests held in June at Space and Naval Warfare Systems Center Atlantic in Charleston. Thirty ground mobile radios were used in the largest demonstration of the capability to date. [Photo courtesy of Joint Program Executive Office JTRS]

Editor’s Note: This is another in a regular series of updates on the Joint Tactical Radio System (JTRS), as provided by the program’s Joint Program Executive Office (JPEO).


Contract Supports Multinational Information Sharing

EDS, an HP company, has been awarded a potential five-year, $34 million contract renewal by the Defense Information Systems Agency (DISA) to continue supporting its Multinational Information Sharing (MNIS) program. Under the contract, EDS, through its teaming partner, Harris Information Technology Corp. (HITS), will provide systems engineering and technical assistance support to enhance the mission capabilities and effectiveness of the MNIS Program Management Office. The mission of DISA’s MNIS program is to ensure joint forces share a common operational picture and contribute to enhanced intelligence, informed decision-making and mission success. The MNIS program facilitates the sharing of encrypted information in a single joint environment to provide effective communication and promote teamwork among Department of Defense components, combatant commands and eligible foreign nations. This contract was awarded under the ENCORE II contract vehicle and is for one year with four one-year options. EDS and HITS will provide systems engineering, analytical services and thought leadership in support of MNIS’ efforts to ensure seamless information sharing among U.S. forces with their allied and coalition partners for military operations planning purposes.

Ericka Floyd: [email protected]

C2 Capability Provides Integrated View of Incidents

SAIC has developed a service-oriented architecture (SOA)-based C2 capability to implement an overarching monitoring and control system for catastrophic threats, attacks and incidents. The solution can be adapted for any chemical, biological, radiological, nuclear and high yield explosive or cyber-incident. SAIC’s net-centric, SOA-based C2 capability fuses data from information and sensor systems, accelerates and automates information analysis and correlation, and supports rapid decision-making. The solution can provide an integrated picture of the health, status and security posture of domestic and Global Information Grid infrastructure, consolidating a common operation picture and situational awareness. With this solution, SAIC has implemented an open, event-driven architecture to deal with operations and C2 at cyber-speed. It includes new search, recognition, retrieval and correlation capabilities to increase information aggregation and knowledge. SAIC used leading-edge modeling and simulation technology to determine time frames for all steps and actions involving human in the loop, information feeds, data access, correlation and patterning, comparable analysis, option identification, and implementation of rapid spirals and validation.

Robert Hatcher: [email protected]

Beyond-Line-of-Sight Solution Provides Army Communications

L-3 Linkabit has successfully completed the integration and testing of a wideband-beyond-line-of-sight (WB-BLOS) capability in Army Brigade Combat Team vehicles intended for deployment in Operation Enduring Freedom. This resulting deployment will enable more Army units to have a robust, secure communications system in the field and supplies new and enhanced WB-BLOS and mission-critical data capabilities to Army units. The initiative used mature L-3 products and technology developed for the Warfighter Information Network-Tactical program, including the Network Centric Waveform, MPM-1000 IP modem and FSS-4180-LP SATCOM antenna. This transit case-based solution successfully coupled L-3’s hardware with COMSEC and other baseband equipment to provide a turn-key WB-BLOS subsystem solution. L-3 Linkabit provides turn-key SATCOM on-the-move solutions that enable mobile and halted forces to collaborate, access GIG resources and exchange voice, data and video in a tactical environment. Linkabit developed the MPM-1000 modem product family, which when combined with an antenna and tracking system provides an off-the-shelf SATCOM on-the-move solution for both military and commercial applications.

Bill Clark: [email protected]

Agreement Develops Multi-touch Technology for the Warfighter

The Army Communications-Electronics Research, Development and Engineering Center (CERDEC) recently signed a cooperative research and development agreement (CRADA) with Microsoft to share research in support of developing multi-touch technology for the warfighter. The CRADA with the CERDEC Command and Control Directorate is only the second joint research project Microsoft has throughout the Department of Defense. The multi-touch portion of the CRADA’s tasks will be executed by the Command and Control Multi-touch Enabled Technology (COMET) team, which is researching the applicability of multi-touch technologies to command and control systems. Traditional collaboration tools such as paper maps, grease pens, acetate layers and sand tables are ineffective at recording, saving and transmitting information and are incapable of providing automated assistance or analysis. The electronic maps can respond in ways that paper cannot: Commanders can zoom in for additional detail, or change from raster to vector maps. Multiple users can simultaneously contribute to group activities such as war gaming, rehearsal or after-action reviews.

Edric Thompson: [email protected]


Compiled by KMI Media Group staff


Optimization Solution Speeds SATCOM Delivery

Citrix Systems’ Government Systems team has partnered with TeleCommunication Systems (TCS) on its SIPR/NIPR Access Point (SNAP) program for the Army. Specifically, Citrix WANScaler technologies are integrated into TCS SNAP network packages that support ongoing military operations in both Afghanistan and Iraq. The Army Project Manager for the Warfighter Information Network-Tactical Commercial Satellite Terminal Program is funding these procurements through the Army’s $5 billion World-Wide Satellite Systems contract vehicle, for which TCS is a prime contractor. The SNAP delivery order includes options for approximately 1,500 terminals and supporting equipment to be deployed in various sizes and configurations over the next few years, along with up to 30 field support personnel. Citrix WANScaler, a branch optimization solution that accelerates application delivery to globally distributed users, supports Space Communication Protocol Standards and uses flow control capabilities to seamlessly deliver data and applications, eliminating the latency issues that have plagued satellite communications in the past and enhances the delivery of the network to the front lines. These improved satellite communications capabilities also help the Army meet one of the goals in its CIO/G-6 500-day plan—the delivery of seamless LandWarNet to soldiers.

Naomi Harker: [email protected]

Multiservice Gateway Simplifies Network Convergence

Juniper Networks has introduced a series of new applications and services that will enable customers to deliver voice, video and other multimedia services with exceptional efficiency, reduced costs and increased scale and reliability. Building on the Intelligent Services Edge portfolio, these new features simplify networks and facilitate convergence for enterprises, government agencies and service providers by fully integrating key service delivery and performance assurance functions directly within the routing platforms and IP network infrastructure. Additionally, Juniper is delivering hardware and software features that reduce costs by enabling customers to leverage investments in legacy voice and data networking equipment while they migrate to next-generation IP transport networks and services. The Integrated Multiservice Gateway solution tightly integrates standards-based session border control signaling and media gateway functions with sophisticated, high-performance routing and comprehensive security features that include intrusion prevention software, IPsec and firewall services.

Jim Kelly: [email protected]

Interoperability Exercise Includes 3G Wireless Network

Empire Challenge, the joint/coalition ISR interoperability exercise, this year included QuicLINK, the 3G tactical network developed by Ericsson Federal Inc. (EFI) at both China Lake Naval Air and Weapons Center, Calif., and Patuxent River Naval Air Station, Md. QuicLINK provides all of the components for a 3G wireless network to deliver high-speed voice, video and data, and can be deployed in support of multi-domain tactical environments. It was to be deployed at the tactical operations center, aboard aircraft, watercraft and with tactical operations vehicles. EFI deployed a tactical network solution that includes the QuicLINK 3G cellular broadband network and IP multimedia services for collaboration between operators on the network, while providing tactical data to exercise wide area networks. The 3G network is essential for collecting and distributing full motion video, imagery and data during the exercise. Through the integration of IP multimedia services into a situational awareness environment, EFI can provide location knowledge of tactical users, voice, text chat, video calling and map-based white board collaboration for communications between the tactical edge and the tactical operations centers.

Kristen Oelke: [email protected]

Marine Operations Centers Add Internet-like Capabilities

General Dynamics C4 Systems has been awarded $21 million to add Internet-like capabilities to the Marine Corps’ Combat Operations Centers (COCs), the focal point of decision-making for deployed Marine commanders and their staffs. Through this effort, General Dynamics will upgrade the COCs’ electronic systems to increase Marines’ situational awareness and information-sharing abilities, and improve network connectivity across the tactical battlespace. The contract being modified was awarded in 2002; the total value to date is $643 million. Identified as the COC Model G, the new system will facilitate sharing of mission rehearsal and execution information among other Marine Corps Combat Operations Centers and joint forces partners. The system will enable services such as electronic chat, e-mail and VoIP communications. General Dynamics will also migrate existing hardware-based command and control, tactical data systems and other applications to software-driven services using the Marine Corps’ service-oriented infrastructure. The COC Model G is also part of the Marine Corps initiative to become compliant with the Department of Defense’s Net-Enabled Command Capability, which enables Internet-like access to joint tactical networks.


Prior to his current position as the Department of the Army CIO/G6, Lieutenant General Jeffrey A. Sorenson was the deputy for acquisition and systems management to the assistant secretary of the Army (acquisition, logistics and technology).

Upon his graduation from the U.S. Military Academy, Sorenson was commissioned as a second lieutenant in field artillery, serving in tactical units at III Corps Artillery and in Germany. Following his transfer into the Military Intelligence Corps, he served as the division artillery intelligence officer and completed several assignments at the division staff and operational level.

Sorenson has more than 20 years of acquisition experience as a certified Army material acquisition manager. His acquisition assignments include: director, program control (Joint Tactical Fusion Program Office); course director for the Executive Program Managers Course (Defense Systems Management College); director, science and technology integration (Office of the Assistant Secretary of the Army for Research and Development); product manager for Ground Based Common Sensor-Light TEAMMATE TRACKWOLF programs; project manager for night vision/reconnaissance, surveillance and target acquisition; director, Acquisition Directorate (Office of the Director of Information Systems for Command, Control, Communications and Computers); senior military assistant for the under secretary of defense for acquisition, technology and logistics; and program executive officer for tactical missiles.

In addition to a Bachelor of Science from West Point, Sorenson earned an MBA from Northwestern University, majoring in finance, accounting and decision sciences. He is also a registered certified public accountant in the state of Illinois. His awards and decorations include being named the Army’s Project Manager of the Year in 1998.

Sorenson was interviewed by MIT Editor Harrison Donnelly.

Q: You have spoken frequently about the need to transform LandWarNet into an enterprise capability. In what ways is it not one today, and what needs to change to make it so?

A: When I started in my current job as the CIO/G-6, there were a lot of different C4 programs that were being discussed, but I didn’t understand how they all related. I said we needed to get back to describing how these C4 programs support the warfighter, because if they didn’t support the warfighter, they were interesting, but maybe not necessary. The “soldier’s story”—a vignette that speaks to the network our soldiers and units currently use as they deploy into an AOR [area of operation]—emanated from that request. Today, when soldiers move from their post, camp or station for training exercises, to a power projection platform [where they get ready to deploy in theater], to deployment in theater, their communications capability is characterized by a network that requires constant changes along the way. E-mail addresses and phone numbers must be changed, as do where they store their data changes and how they obtain connectivity changes as well. Thus, what we have is a network that does not support expeditionary operations, and in fact sometimes hinders their ability to be connected through all the phases of a joint operation.

The soldier’s story is about redefining the network to make it seem like the Verizon commercial that shows lots of people standing behind the network to ensure it is working. I also refer to our future plan as the BlackBerry story—the point being that when you can pull out your BlackBerry anywhere in the country or overseas, you can communicate without having to change your e-mail address, cell phone number or anything else. You always have connectivity. That’s what our soldiers don’t have today, because the network we use today requires constant changes in addressing, storage and connectivity functions.

Q: What is the Army Global Network Enterprise Construct, and why is it needed?

A: The vision of the Global Network Enterprise Construct [GNEC] is similar to Google, where you have access to data anywhere, anytime by anybody. Or you could look at it as a network that connects the right people at the right place and right time. We’re trying to make this network an “always on” network, and in doing that we’ve described the GNEC strategy as a global deployment of the network provided by five regional network service centers [NSCs] that support each one of the combatant commanders. Each one of the NSCs are responsible for ensuring that the Army portion of the network is fully capable, as well as interfaces into the joint network. These five NSCs provide a connect capability, the forward staging of data and applications, and network security, all within a network operations structure that is consistent and standardized throughout the globe. Thus, we want a plug-and-play concept, so that if you can connect to the network service center at your post, camp or station, such as Fort Hood, and you deploy into theater or anywhere else, the way you connect, get your data and access your applications will be the same when you connect to another network service center wherever you go.

Network Constructor: Building the “Always On” Global Enterprise Network

Q&A with Lieutenant General Jeffrey A. Sorenson, Chief Information Officer/G-6, Department of the Army

Q: What is your strategy for implementing the GNEC, and what issues and challenges do you think will require the greatest attention as you do so?

A: Initially, we spent a lot of time with senior leaders such as the Army chief of staff, vice chief of staff, commanding general of TRADOC, and others, describing the war fighting capabilities of GNEC. Once they understood the war fighting capabilities, they concurred with the concept of GNEC, and the question was how soon we could deliver the capability. “How about next year?” asked one of the senior leaders. My response was “not exactly,” as I detailed the transformational changes required to deliver GNEC. However, we’ve been working on accelerating the fielding of this capability, and have developed a strategy for delivering initial operational capabilities of the NSCs over the next three years. We will establish the first NSC in Europe in FY09, followed by NSCs in CONUS and Southwest Asia in FY10, and then an NSC in the Pacific in FY11. That’s the overall strategy for setting up the NSCs as an initial operational capability in the regional areas. At the same time, however, we’re continuing to implement enterprise upgrades, such as enterprise e-mail, to include standardizing and reducing the number of e-mail help desks throughout the Army. So we are working to provide enterprise capability improvement at the same time that we are establishing and deploying regional NSCs.

Q: What role will the NSCs play in the system? How will they interact with other entities in creating an “always on” network?

A: The basic element of the NSC concept is to enhance our ability to connect, specifically in this case linking the Army soldiers who are in an area of operation, but also any land components such as the Marines, with our joint service components. In fact, today we provide connect services to Marines operating in Southwest Asia for their intra-theater communications as well as their reach back to CONUS through our regionally based fixed regional hub. So the connect piece of the NSC will have the ability to connect everyone from anywhere from the Global Information Grid, incorporating into and connecting through the DISA Teleport sites, all the way down to soldiers deployed at the tactical edge through the use of WIN-T or the Marines’ Secure Wide Area Network [S/WAN].

With respect to services, in terms of data and applications, I’ll go back to what I mentioned earlier about enterprise e-mail. We are currently working with DISA to develop an enterprise e-mail solution for all of DoD. The Army is going to be the first user of this enterprise capability, because of our need to synchronize the transfer of e-mail services with our movement of units under BRAC. Fort Monmouth, N.J., is going to close and the personnel are going to move to Aberdeen Proving Ground, Md. So, as they move, we’re working to put some of those users into the enterprise e-mail capability, along with users from Army Materiel Command as they move to Huntsville, Ala., and other units that are associated with BRAC moves. Thus, we have some immediate needs now to accommodate and synchronize the transfer of e-mail services with our BRAC moves, as does TRANSCOM, which is the other first user of this enterprise e-mail capability within the joint community.

With respect to security, we are working with DISA to leverage some of their network operation tools, specifically those that enhance the ability to see what systems are sitting on our network. Our goal is to achieve a machine-to-machine view of the network, so we can see what systems are functioning on our network. Part two is to achieve a better control of the systems on the network. In all these cases, we’re working in partnership with DISA on a consistent basis. We are also spending a lot of time talking to the Marines, with respect to the network capabilities we can provide so they can take advantage of them as they deploy with us and integrate into our formations. We’re also working with the Navy and Air Force to define links into their global network capabilities.

Q: What did you learn from the operational validation [OPVAL] of NSC conducted this spring?

A: The operational validation was a success—in part, just because we did it. We took a brigade from Fort Bragg, and had them execute what I described earlier as the soldier’s story. However, unlike today’s soldier story, this brigade used the network capabilities of the NSC we set up at Fort Bragg, so they could draw their data and services and have their e-mail and their war fighting applications prior to their deployment. Once they deployed into theater, in this case into an exercise being conducted by the 7th Army in Europe, they virtually moved their organization into the theater of operations, functioning essentially as they did at Fort Bragg. They didn’t have to change e-mail or phone numbers, and they could get their data and applications from the network in Europe just as they did at Fort Bragg. They didn’t have to pack stuff up and move it; rather, they could draw their needed data and services from the network, as opposed to carrying the network with them in server boxes and their own organic capability. They were able to function and demonstrate how the NSC capability would work. In CONUS they were connected to the network via the NSC, and once they deployed to Europe they were able to draw their war fighting capabilities from the NSC in Europe, so the regional concept was demonstrated.

Did everything go perfectly? Absolutely not. We had some technical issues in terms of the resource forest for the e-mail and firewall management. There were many operational objectives we were trying to achieve, such as the seamless deployment and transport of unit network services via the NSC. And we had some training objectives, such as working with the 7th Signal Command, which recently was flagged at Fort Gordon, to standardize training for proper configuration of unit equipment connectivity to the NSC.

There were many lessons learned, and there are more to follow. We’re hoping to host a meeting at Fort Bragg this summer to bring industry in for some day-long discussions of what we learned, what went right and what went wrong, and also expose them to some of the systems our soldiers use when they are deployed to give them an understanding of what is required to meet end-to-end connectivity. We’ll also take them around Fort Bragg and show them what the NSCs are supposed to look like.

We are now writing the doctrine and tactics, techniques and procedures for how NSCs should function in preparation for another exercise next year. We had a whole host of people at the OPVAL—such as observer controllers from FORSCOM, and Army Test and Evaluation Command and the Signal Center—to monitor what was taking place, in order to help write the doctrine for the operation of NSCs.

Q: You have also emphasized the importance of talking to soldiers in the field. What procedures do you have to ensure that the warfighter perspective is included in your plans, and what ideas and changes have you made as a result of field input?

A: We want to make sure that what we’re building now is something that supports the warfighter, and that the providers of this capability—our signalers—understand and support what we are asking industry to build for us. We developed a draft request for proposal for GNEC and put it on a wiki and asked everyone for their comments. It was a change of culture, as many people asked if we were serious about wanting their comments, and we said, “absolutely, yes.”

I also spend time each year visiting with each of the combatant commands and the four sub-commands within 9th Army Signal Command—the 311th in the Pacific, 7th newly formed at Fort Gordon, 5th Signal Command in Europe, and 335th deployed in Southwest Asia. I not only visit those commands, but also spend time in Iraq and Afghanistan seeing signal soldiers and units that have embedded signal soldiers in their brigade formations. I want to get a feel for how the equipment is functioning, what their training needs are, and any other particular needs they may have identified during their deployment. I provide all the feedback to the Signal Center, NETCOM/9thSC [A], PEO C3T and others, to refine or modify some of the training courses down at the Signal Center, redefine our NSC doctrine, or identify equipment shortfalls. All the feedback gets fed into our system to improve what we’re doing to support our warfighters.

Q: What are your key priorities and initiatives for cybersecurity?

A: From my perspective, when we talk about cybersecurity, I’m mostly focused on computer network operations and computer network defense, those Title 10 functions the CIO/G-6 is responsible for providing on behalf of the secretary of the Army and the Army chief of staff. In that context, we have been working with the other staff elements to get better organized on how we provide support for cybersecurity. Today we have established within the G-3 an organization known as the Army Cyber Task Force. I took a general officer on my staff who was working on cyber-integration, and placed him within the G-3 staff section to effectively coordinate the various aspects of cyber from the headquarters perspective. Today, the task force has operational issues within G-3 channels, intelligence issues with the G-2, CIO/G-6 information assurance requirements, and computer network attack [CNA] and computer network exploitation [CNE] coordination with strategic organizations.

The integrated group now supports the G-3, G-2, CIO/G-6, and in some cases the G-8 from a resourcing standpoint, to determine how the headquarters should provide oversight responsibilities of cyber issues. They are also tasked with determining the future organizational structure of Army support to the U.S. Cyber Command.

At the same time, we’re working with Fort Gordon to assess from a training and doctrine perspective our future needs for a cyberforce. We are synchronizing our efforts with the intelligence community to ensure our training, personnel and organization are optimized to provide Army forces for the new U.S. Cyber Command. We’ve already begun to make some changes in our warrant officer MOS structure, establishing a couple of new MOSs to look at information assurance and cybersecurity demands in support of combatant commanders. Clearly, the computer network defense and computer network operations are still core responsibilities of the Signal Regiment.

Q: Where does your data strategy stand today?

A: It’s slow, but we’re making progress. We have formed a tremendous organization to get after this task, and they are achieving some success. We have solidified support among all the different elements within the Army that are working data issues. On the CIO/G-6 staff we have a “data czar,” who works within our architecture group to define the policies and procedures for how the data strategy ought to be implemented. We also are leveraging a group from CECOM known as the Data Center of Excellence, with about 60 people who are improving our delivery of data services as well as providing technical support for data strategies. At the same time, we must provide some guidance regarding standardization of the data framework. We have a group of folks with previous experience modifying Navy logistics data policies that we have integrated into the Army to assist us with the standardization of the data framework. Finally, we have another group working on data maturity, with a nationally recognized data maturity expert from the Massachusetts Institute of Technology who is assisting with our data analyses. We’ve combined these various groups into a single organization under the direction of our data czar, and they are now working on a number of use cases to improve how data is accessible, available and standardized within the department.

The first use case is something we’ve been doing for the Army vice chief of staff on suicide prevention. We’re trying to work with data from a number of different sources—G-1, the Surgeon General, and Army Center for Health Promotion and Preventive Medicine [CHPPM]—to make data accessible to all organizations. Each of the staff elements has different databases, and no one is able to see all the data or look at it the same way. This is similar to 9/11, where the FBI, CIA and other organizations couldn’t share the data in their respective databases nor could everyone look at the data the same way. So we’re working now with all these staff organizations to expose their respective databases so that everyone can see each other’s data and eliminate the need for independent databases.

We’ve established the suicide prevention use case among a number of other use cases to get at improving our data strategy, including an effort we have at the headquarters to provide better data visibility for the Army secretary and chief regarding unit status, readiness and so forth. At the same time, we’re working with Forces Command in Atlanta and TRADOC, trying to standardize use and make their organizational databases visible and accessible to those who require the data. We’re not there yet, but through some of these use cases we can demonstrate what our data czar group can do. Over time, we’re going to get away from everyone with their own Excel spreadsheets and separate databases, and get to the point where data is accessible and available to those who need to use it.

Q: What are you working on in the area of Army IT governance?

A: The governance piece is all about ensuring that we operate effectively the same way, and that we operate in a way everyone understands what the configuration should be. We’ve redesigned our governance structure to set up two boards, in a manner similar to DoD. We have an Engineering Review Board, which looks at the technical aspects of our network, and an Operations Review Board, which looks at how we support the warfighter and what we need to do differently to effect those changes. Part of governance is also trying to standardize our procurement policies. We have recently spent some time emphasizing the four tenets of GNEC: operationalize the network, improve the security of the network, find efficiencies and effectiveness to afford the network, and make it joint.

When you look at those four aspects, the one that clearly is the linchpin is efficiency and effectiveness. We’re working with the program manager for CHESS [Computer Hardware, Enterprise Software and Solutions] to standardize some of our procurement procedures, because we’ve found that in many cases people go out and buy IT when they want to, but the system they procured does not have the right standard or configuration. Part of this governance activity is to standardize procurement policies and processes, so that not only do we get the right configuration onto the network, we also save money by buying our systems with enterprise purchases. ✯


FOR THE MILITARY, CLOUD COMPUTING PROMISES TO DELIVER THE BENEFITS OF NETWORK-CENTRIC WARFARE WHILE ALSO PROVIDING A ROBUST AND AGILE INFRASTRUCTURE.

BY LAUREN C. STATES

business and market trends are spurring the growth of cloud computing within government and industry, even as the definition of this newly emerging information technology concept is still evolving. For the military, cloud computing promises to deliver the benefits of network-centric warfare while also providing a robust and agile compute infrastructure capable of supporting a surge in processing during times of increased operations tempo.

Cloud computing’s promise of a new service-delivery model is compelling entire industries to rethink their IT, and even their business models. Cloud computing offers a standard, simplified and centralized platform for on-demand use, characterized by self-service, rapid provisioning, elasticity and scale.

From the providers’ perspective, cloud computing is an approach to sharing IT infrastructure in which large pools of secure computer systems are linked together to provide IT services. These services, described as infrastructure, platform or software “as a service,” will enable the further development of network-centric applications.


Through the cloud computing model of IT services, the military can better manage the unpredictability and dynamic nature of IT support to warfighter operations. Enterprise data centers will operate like the Internet, providing extreme scale and fast access to users engaged in network-centric operations, with no discernable drop in performance.

Working on hundreds of cloud computing engagements over the past two years, IBM has learned that workload characteristics, regardless of industry or public sector, provide the best insight into what business and IT services can be initially implemented. Workloads, such as collaboration, application development and testing, desktop and storage services, will move faster to cloud computing, presenting rapid return on investment and productivity gains. Complex transactional systems will be more challenging to host as shared standardized services.

Applications and services across several lines of business in the Department of Defense are provided in a cloud delivery model today. From the Global Combat Support System to Defense Knowledge Online, users do not necessarily know the underlying IT, or care if the computing environment is on their installation or on the other side of the world. As new services and applications come into operation, the application owners can choose among multiple platforms for service delivery.

The migration to more pervasive cloud computing in DoD will occur along multiple paths in parallel streams. As in the engagements we’ve worked on, the application development and testing environments at DoD are strong candidates for migration. Most commercial enterprises devote 30 percent to 50 percent of their technology infrastructure to development and test, but typically 90 percent of it remains idle.

Safely enabling developers to serve themselves can dramatically reduce IT labor costs, reduce provision cycle times and significantly improve quality. Application service centers, such as Army Communications-Electronics Life Cycle Management Command’s Software Engineering Center, are prime candidates for these services.

STRATEGY FOR THE JOURNEY

To begin the cloud journey, you must first create a cloud computing strategy to set priorities and establish a governance model. Next, you assess your environment and determine opportunities for consolidation and migration of workloads to cloud computing. The first place to look will be those applications and services that are built on industry standard interfaces and have a high degree of repetitive tasks. Some infrastructure software and applications can be determined redundant, and your governance model should establish criteria for collapsing these capabilities.

New workloads will emerge during the migration to cloud, as high volume analytics are easily delivered in this highly virtualized environment. At DoD, this will play a key role in the detailed analysis required in applications, ranging from cyber-defense threat determination to facial pattern recognition. As defense organizations become more familiar with developing and deploying applications in this manner, they will create a broader, more highly interoperable infrastructure that enables mission and business transformation.

Defense network operations will go through an equally transformational experience as cloud computing becomes more pervasive. The Global Information Grid is already a high-speed, meshed virtual network. The next stage will include pooled compute resources and a move toward the concept of ensembles, or collections of compute resources consisting of the platform, middleware and application layer.

The management requirements of these systems will require a similar maturation from the domain level stovepipes of today to the business- and mission-aligned enterprise service management system of tomorrow. This will require a high degree of interoperability and collaboration among the global defense NETOPS community. In today’s challenging economic environment, government and industry are looking to cloud computing for ways to cut costs and reduce their impact on the environment, yet be able to quickly and massively scale when the OPTEMPO demands it. Initial results from cloud providers are promising. Some clients have reduced IT labor cost by 50 percent in configuration, operations, management and monitoring of application development environments, while capital utilization improved by 75 percent. Provisioning cycle times were reduced from weeks to hours or even minutes. And as desktop services virtualize, end user IT support costs have been reduced by more than 40 percent.

Here are a few questions to consider as your organization gets started with cloud computing:

• What advantage could you gain in achieving your mission by using cloud computing?
• What innovative internal and external services could you deliver at higher quality, lower cost and faster with a cloud model?
• What unique restrictions will your organization place on cloud computing and on the handling of data, either in transit or at rest?
• What policies, practices or legislation might be in effect that would support or inhibit the adoption of cloud computing?
• What are the security requirements of your organization? What do you need to provide a trusted environment?
• What government software applications, and what different kinds of users, might lend themselves more readily to a cloud-based approach?

Chances are good that these questions will bring on the realization that your organization needs to change at a time when you need to do more with less. With the spike in computing power at your disposal, and the emergence of cloud computing, there are unlimited possibilities to deliver services in new and innovative ways. The core of this transformation is a service management system that provides visibility into what’s going on, the ability to control the environment, and automation capability to enable unlimited application and service availability.

Take all of these elements together and you’ll see that we have an opportunity to use IT in ways that weren’t imaginable just a few years ago. Cloud computing adds a powerful, new delivery model to your arsenal, reducing costs and enabling the military to rapidly respond to the needs of the warfighter. ✯

Lauren C. States is vice president of the IBM Software Group.

Contact Editor Harrison Donnelly at [email protected]. For more information related to this subject, search our archives at www.MIT-kmi.com.


Since its inception in 2006, the Army’s Infrastructure Modernization Program (IMOD) has been the most massive restructuring of information technology in the history of the military. Its ultimate goal is to provide a superior communications infrastructure to support the warfighter. IMOD and its $4 billion cost ceiling have been divided among 10 prime contractors charged by the government to improve, upgrade and re-engineer the entire basic infrastructure of voice, data and video at base level, which means all Army posts, camps and stations.

IMOD, the successor to the Digital Switched Systems Modernization Program that expired in 2007, is in the third year of a five-year period of performance (POP) ending in April 2011. A second five-year time frame, the option POP, concludes in 2016.

What makes IMOD’s scope so vast is its mandate to examine the current IT infrastructures at selected Army locations worldwide, determine where capabilities have been constrained by the architecture of the older systems, and develop an infrastructure that is reliable, secure and sustainable. All equipment required for the new architecture must be technically compliant and, in some cases, certified by the Defense Information Systems Agency Joint Interoperability Test Command (JITC). Certification by JITC means that a product has undergone rigorous testing and been approved in a number of critical areas such as security, protocol compliance, scalability and stability.

As part of the process, there are two forces that impact IMOD decision-making, including the need for a state-of-the-art communications architecture on every military post or garrison. Modernized IT infrastructures are integral to the support of the warfighter and mission-critical facilities, especially in preparation for rapid deployment. In addition, a low cost of ownership must be maintained once the system is in place.

The intent of this vast project is to provide sophisticated services on an IT backbone for garrisons that currently lack the infrastructure. The components required to accomplish this goal are many, including equipment, systems engineering, site surveys, state and local clearances, integration consulting, site preparation, installation, testing and logistics support. Compounding this task is that each solution is unique to each base. What works for one garrison may not apply to another.

Fort Bragg, N.C., is an example. The number of military and civilian personnel on this long-time Army facility nearly equals the population of Chapel Hill, the state’s 16th largest city, making it a significant undertaking to completely redo Fort Bragg’s IT infrastructure. In addition, IT systems must provide support to different Army forces commands, such as Joint Special Operations and Army Special Operations. Yet the information architecture solution remains unique to Fort Bragg and may be completely inapplicable for other large posts such as Fort Hood, Texas, or Fort Benning, Ga.

The Defense Department’s Base Realignment and Closure (BRAC) initiative presents other unique considerations, since it involves mass movements of battalions from one location to another. The primes and subcontractors must assure that the comprehensive architecture they deliver for the redeploying unit can not only handle the basics, such as the Army Knowledge Online Web portal, e-mail addresses, contact information, medical records and security data, but also everything else that the Army requires and may eventually need in its IT backbone. From an IT viewpoint, there is more at stake than infrastructure development for units that are moved thousands of miles. The goal is IT sustainability during and after, which is a vital component of national security.

Prime contractors have diverse views of the impact of BRAC on IMOD. “From an environmental standpoint, it may cause IMOD to accelerate timelines for posts, camps and stations, which may affect how and when tasks are completed,” said Benjamin Fletcher Jr., vice president of Army infrastructure solutions at General Dynamics Information Technology. “However, our work is mutually exclusive from BRAC requirements, which enables us to focus on a successful project.”

A different viewpoint was offered by Jeffery Murray, Federal Division senior vice president and general manager at Black Box Network Services, another prime contractor. “BRAC presents some technology challenges because it’s a program that is constantly shifting, growing, moving and changing,” Murray said.

Regardless of all these tasks, the first three years of IMOD have already made an impact, according to Murray, who noted that IMOD “has brought benefits and provided advanced technologies and capabilities to many Army posts, camps and installations worldwide.”

PROMISE FULFILLED

IMOD is fulfilling its promise based upon the results from initial installations. Delivery of data when and where it is most needed is being actuated through products that meet or exceed government requirements. The government will accept nothing less than superb technical platforms.

Modernization Program Delivers

ARMY IMOD PROGRAM PROVIDES SOPHISTICATED SERVICES ON AN IT BACKBONE FOR GARRISONS THAT CURRENTLY LACK THE INFRASTRUCTURE.

BY JEANA CUNNINGHAM


It’s easy to focus on that initial $4 billion cost figure, but the Army is wisely concerned about controlling ongoing costs after IMOD and the total cost of ownership once new IT architecture is installed. The operational cost factor is especially important for prime contractors and subcontractors like Fujitsu, which provide and support optical networking equipment.

The reason the government demands products that have undergone rigorous JITC testing is to assure the selection of secure and reliable platforms. This ultimately translates to lower long-term maintenance costs, technical compliance and ease of operation. But contractor responsibility does not end with product installation. Since the Army’s goal is to bring up services on a network rapidly and at minimal cost, a command center must be able to provision services across the network without having to dispatch technicians to remote sites. The awards during the current POP have already shown that the Army’s objective of low-cost, remote maintenance is being met.

Another barometer of IMOD’s success is the creation of an environment in which government and private industry work openly, share information and create relationships. Much of that is due to the work of the Army’s Information Systems Engineering Command (ISEC), which sets the standards for engineering, site surveys, design and specifications. ISEC has held a number of conferences for prime and subcontractors dealing with all of those standards and their implementation.

“They constantly reach out to industry to find out what the best practices, architectures and solutions might be,” said Murray. “ISEC has done a fantastic job of interacting with industry.”

Contractors emphasize IMOD’s importance for today’s and tomorrow’s Army. Fletcher said its most important benefit will be “a better and more reliable network with the best technology for men and women in uniform,” while Murray called IMOD “phenomenally successful.”

The generation now serving this country is more computer savvy than its predecessors, with solid IT skill sets that can be maximized with IMOD implementation. Whether it’s the basics—medical, payroll, personnel records and training—or more sensitive and mission-critical information such as secure or secret traffic, IMOD has already begun providing reliable and state-of-the-art architecture on platforms that deliver mission-critical data and information across a garrison or around the world for training, deployment or executing the mission at low operational cost. ✯

Jeana Cunningham is vice president of federal sales for Fujitsu Network Communications.

Contact Editor Harrison Donnelly at [email protected]. For more information related to this subject, search our archives at www.MIT-kmi.com.


IMPROVED SECURITY AND REDUCED COSTS ARE AMONG THE ATTRACTIONS FOR THE MILITARY OF THIS INCREASINGLY POPULAR APPROACH TO UTILIZING COMPUTING RESOURCES.

(Editor’s Note: MIT Magazine recently reached out to executives of several companies for their perspectives on the potential of virtualization technology for the military. Following are their responses.)

Securing the Virtualized Network

CONSOLIDATING NETWORK SECURITY WITH A UNIFIED PLATFORM DELIVERS PROFOUND IMPROVEMENTS IN THE ABILITY TO MANAGE THE DIVERSE RANGE OF THREATS THAT CONFRONT DOD NETWORKS.

BY JEFF LAKE

Information assurance or IT professionals concerned with network security in the Department of Defense are confronted by a constantly evolving array of threats and increasing compliance requirements. They must balance the ability to manage this dynamic “threatscape” against many other imperatives, including capital and operating costs, limited data center space, manageability and, increasingly, environmental concerns. In the DoD world, the other factor of great consideration is the balance of deployable network security assets between tactical and garrison environments.

Driven by space, power, budget and other constraints, consolidation has become both a tactical and strategic imperative for DoD IT and network defense professionals at all levels. The benefits of consolidation, whether physical or virtual, are well-known, including lower equipment and operations costs, less power consumption, improved manageability, and a better environmental footprint.

Most of the buzz about consolidation concentrates on its application to the data center as a whole, or to application servers in particular. But this focus overlooks an area where consolidation offers even more dramatic advantages: network security. In the case of application server consolidation, most of the benefits are in some sense peripheral to the fundamental task at hand, which is the delivery of application services. By contrast, consolidating network security with a unified platform delivers profound improvements in its ability to accomplish its fundamental task—managing the diverse range of threats that confront DoD networks.

Consolidation yields superior threat intelligence by making possible the unification of threat research, which is the vendor-based research and development effort that supplies the multi-layered security intelligence necessary for successful threat management. Traditionally there has been something of a rivalry between antivirus and vulnerability researchers. As attacks become more complex and multi-modal, however, they demand a hybrid approach to threat research that combines these two disciplines, as well as others. Just as enabling the various countermeasure modules in a consolidated solution to share knowledge makes the response to threats more effective, so too an integrated program of research and development across all threat types delivers more accurate countermeasures.

Consolidating network security also delivers notable cost benefits. According to Gartner research, the most important way information security organizations would save money is to leverage the convergence of established security functions into network- or host-based security platforms that provide multiple layers of security in a single product to protect against an evolving multitude of network and content threats. The research estimated that by 2010, only 10 percent of emerging security threats will require tactical point solutions, compared with 80 percent in 2005.

NETWORK BENEFITS

Virtual networking provides a method to consolidate multiple devices, such as those typically found in a garrison data center or in a deployed tactical environment, in order to simplify and reduce physical hardware requirements. This is especially important in tactical deployment scenarios where space and power are at a premium.

Implementing virtual networking technologies allows a single network device to transparently host multiple networks or echelons on a common infrastructure. Virtual local area networks (VLANs) allow network links to be shared by virtualized servers to help improve network performance, reduce management complexity and enable more granular usage policies.

Two important areas to review further in the virtual world are virtual domains (VDOMs) and VLANs. VDOMs enable the capability to use a common infrastructure to provide routing and network protection for several organizations or echelons. This is useful for DoD networks, where each organization requires its own network interfaces (physical or virtual), routing requirements and network protection rules.

VLANs allow a single physical trunk to support up to 4,096 virtual networks. Using virtual networks allows a single trunk to support multiple echelons and applications while providing a method to manage traffic and network performance. Routing between VLANs and between VDOMs adds more flexibility and scalability.
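The 4,096 figure is the size of the 12-bit VLAN ID field in the IEEE 802.1Q tag. The Python sketch below is an added example, not code from the article or from any vendor product: it parses that tag and applies a per-trunk allow list that maps each VLAN to an echelon. The echelon names, VLAN numbers and MAC addresses are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100    # IEEE 802.1Q VLAN tag
TPID_8021AD = 0x88A8   # IEEE 802.1ad service tag (outer tag in QinQ)
VID_BITS = 12          # width of the VLAN ID field: 2**12 = 4,096 values
RESERVED_VIDS = {0x000, 0xFFF}  # reserved by 802.1Q, so 4,094 are assignable
ASSIGNABLE_VIDS = (1 << VID_BITS) - len(RESERVED_VIDS)

# Constructed policy for one trunk: VLAN ID -> echelon allowed on it.
TRUNK_POLICY = {10: "brigade", 20: "battalion", 30: "company"}


def build_frame(vids, ethertype=0x0800, payload=b"\x00" * 46):
    """Build a constructed Ethernet frame carrying one 802.1Q tag per VID."""
    dst = bytes.fromhex("020000000001")  # made-up, locally administered MACs
    src = bytes.fromhex("020000000002")
    tags = b"".join(struct.pack("!HH", TPID_8021Q, vid & 0x0FFF) for vid in vids)
    return dst + src + tags + struct.pack("!H", ethertype) + payload


def parse_vlan_tags(frame):
    """Return (tags, ethertype) where tags lists every VLAN tag in order."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    offset = 12  # skip destination and source MAC addresses
    tags = []
    while True:
        if len(frame) < offset + 2:
            raise ValueError("truncated before EtherType")
        (ethertype,) = struct.unpack_from("!H", frame, offset)
        if ethertype not in (TPID_8021Q, TPID_8021AD):
            return tags, ethertype
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")
        (tci,) = struct.unpack_from("!H", frame, offset + 2)
        tags.append({
            "tpid": ethertype,
            "pcp": tci >> 13,        # 3-bit priority
            "dei": (tci >> 12) & 1,  # drop-eligible indicator
            "vid": tci & 0x0FFF,     # 12-bit VLAN ID
        })
        offset += 4


def classify(frame, policy=TRUNK_POLICY):
    """Decide whether a frame arriving on the trunk is forwarded or dropped."""
    try:
        tags, _ = parse_vlan_tags(frame)
    except ValueError as exc:
        return ("drop", f"malformed frame: {exc}")
    if not tags:
        return ("drop", "untagged frame on trunk")
    if len(tags) > 1:
        # This trunk expects exactly one tag; dropping stacked tags keeps an
        # inner tag from being honored by a downstream switch.
        return ("drop", "stacked VLAN tags")
    vid = tags[0]["vid"]
    if vid in RESERVED_VIDS:
        return ("drop", f"reserved VLAN ID {vid}")
    echelon = policy.get(vid)
    if echelon is None:
        return ("drop", f"VLAN ID {vid} not provisioned on this trunk")
    return ("forward", echelon)


if __name__ == "__main__":
    for vids in ([20], [], [10, 30], [4095], [99]):
        print(vids, classify(build_frame(vids)))
```
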

The primary reasons for implementing VDOMs and VLANs are to improve network manageability, scalability and security. Security solutions for virtual networks must allow management on a per-customer or per-application basis, while ensuring availability of the control itself and the systems it protects. Also required is a high-performance security platform that is capable of scaling to support thousands of virtual networks with management, logging and reporting customized for each customer or application.

In a traditional virtualized model, where software appliances are loaded as guest machines in a virtual infrastructure, ensuring availability can be problematic. Ensuring that high-volume attacks do not monopolize resources on one machine while starving others often becomes an issue. This can be managed through complex rules that cross functional boundaries between security and systems administration. But this confusion of ownership and custodial care serves to weaken, not enhance, security programs leveraging traditional virtual infrastructures.

Complexity is the enemy of security. With the dedicated nature of the Fortinet FortiGate platform, such problems do not exist, and the platform maintains robust virtualization specific to IA while seamlessly integrating into traditional virtual infrastructures with greater security and decreased operational risk.

Three key requirements for virtual network security exist: manageability, scalability and modular security. The solution must support the ability to manage multiple domains and multiple networks from a single device with domain-specific administrative profiles for log data, reports, alerts, options and menus.

Scalability is a key requirement, as the performance to support thousands of VDOMs and VLANs without impacting overall network throughput, specific users or applications is vital. Lastly, modular security is imperative, since not all security settings are appropriate for every echelon being serviced. This requires a complete security suite in which specific solutions can be applied on a per echelon or per application basis while providing a low cost of ownership.

TRUSTED CONNECTION

In today’s environment, where the threat landscape changes daily and the cyberdefense of DoD networks is constantly being tested, finding ways to simplify network topologies and provide for a more effective event aggregation and correlation is crucial. As part of the federal Comprehensive National Cyber Security Initiative (CNCI), the Trusted Internet Connection (TIC) initiative has these goals in mind.

The Bush administration developed CNCI to improve how the federal government protects sensitive information from hackers and nation states trying to break into agency and DoD networks. The White House assembled the initiative after a string of cyber-attacks on multiple agency computer systems. As one of the 12 components of the CNCI, the TIC initiative was formalized in November 2007, with the goal of decreasing the number of connections that agencies had to external computer networks to 100 or fewer. Officials believe that the fewer connections agencies have to the Internet, the easier it will be to monitor and detect security incidents. With this consolidation, virtualization and virtualized security will be cornerstones.

Consolidating network security with a truly integrated unified threat management solution provides better network protection and more efficient use of capital budgets, lowers operational expenses by reducing the management burden as well as training, support and threat update costs, and preserves investments by allowing the ability to add robust security functionality with little or no additional hardware. Added to these hard savings are the green benefits of consolidation, most notably a smaller carbon footprint across the entire life cycle of the equipment.

Disparate products, even when from the same vendor, lead to a complex integration that, if not done correctly, leaves gaps, which in turn become vectors for infection and infiltration. A consolidated security approach, however, leads to a more seamless deployment of security practices developed from the ground up to augment one another. In short, network security consolidation is one of the best investments DoD IA and IT professionals can make.

Jeff Lake is vice president of federal operations at Fortinet, a provider of network security appliances and unified threat management.


OPEN SOURCE AND OPEN STANDARDS VIRTUALIZATION OF SERVERS AND DESKTOPS IS A POWERFUL TOOL FOR THE DELIVERY OF INFORMATION ASSURANCE.

BY DAVID EGTS


Open source and open standards virtualization of servers and desktops is a powerful tool that system administrators and security personnel can use to aid in the delivery of information assurance and cybersecurity.

Many are surprised to find out that virtualization technology isn’t new, but goes back to the days of the “big iron” mainframe. Unfortunately, mainframe virtualization did not become widespread, largely because of high barriers of entry related to steep startup costs and a need for specialized mainframe administration skills. Instead, many organizations based their server infrastructure on relatively lower cost and more open UNIX platforms, where skills were much more transferable between platforms.

These UNIX systems weren’t cheap, however. To maximize their investment in UNIX hardware, organizations would run multiple services on a single server. UNIX servers are great at this. Their hardware architectures are highly scalable, allowing them to run many varying workloads at the same time.

The downside from a security perspective is that if one service is compromised, all services and the system itself are compromised. For example, if the Web server software had a buffer overflow flaw leading to unauthorized administrator access, not only were the Web server and its content compromised, so were the ftp server and its content.

One way to solve this legacy problem is through the use of mandatory access control (MAC) on the server, where there is a targeted policy for each service that needs to be secure. This works out of the box with Red Hat Enterprise Linux’s implementation of SELinux, which was developed by the National Security Agency, Red Hat and many others. But not every off-the-shelf operating system supports MAC, including Windows and most UNIX variants. As such, if one service on these systems is compromised, the entire system is compromised.

Another approach to this problem is through the use of virtualization. You could have one physical server running two virtual machines (VMs), where one runs the Web server software and the other runs the ftp server software. In this case, if the Web server is compromised, the ftp server is still safe.

Going further, you could have one set of administrators managing the Web server VM and another team managing the ftp server VM. This keeps the Web and ftp data isolated on different VMs, although they may be running on the same physical server. Going further, if your hypervisor is MAC capable, you can again isolate the hypervisor and VMs from compromising each other even if the hypervisor itself is compromised, and even if the guest operating systems aren’t MAC capable.

DESKTOP INFRASTRUCTURE

Virtual desktop infrastructure (VDI) is the next evolution of virtualization by adding the desktop into the virtual fold. One of the primary motivators for VDI is cost savings. Less time and effort required to provision, control, manage and update virtual desktops result in significant cost savings compared with their physical desktop counterparts. Plus, the thin desktop hardware itself has much lower acquisition costs and much longer refresh cycles.

In addition to the compelling cost advantages, VDI provides tremendous advantages in terms of IA and cybersecurity.

The most obvious security advantage of VDI is physical security. When the VDI virtual desktop image is stored in a SAN locked in a server room, the probability of disk drives disappearing is much lower than disappearing from a workstation under someone’s desk. In addition to limiting physical access, the virtual disk files can be encrypted on the SAN, making them less useful outside the server room and making data at rest even more secure. Security teams can also control the access to USB and other devices through the VDI central management interface, adding yet another layer of security protection.

Another advantage of VDI is the ability to rapidly re-provision systems using system build templates that are certified by your IA organization. Historically, desktop systems would stay secure by checking in with a systems-management server as the client boots, and periodically thereafter. The weak link with this approach is that the security team is counting on the client to phone home to pick up and deploy updates. If the client has been compromised, all bets are off for remediation and exposure containment.

By using VDI, the security team can re-spin system templates and apply patches from the server and SAN infrastructure without the need to count on the client software to pick up the updates. Also, the re-provisioning of new systems happens at SAN speed, as opposed to LAN speed, so the ability to re-provision new, IA-certified VDI VMs weekly or daily is both practical and provides a significantly smaller time window for compromise. If a VDI VM is compromised, moreover, a snapshot can be taken instantly for forensics purposes, and the user can be issued a new VDI VM immediately without loss of productivity.

Keeping the VM’s disk images on a high-speed SAN also significantly aids with disaster recovery planning and execution. If a facility encounters a catastrophic failure, the off-site disaster recovery facility could have both servers and desktops operational in hours or less by using traditional off-the-shelf SAN data replication technologies.

VELOCITY AND INNOVATION

When considering which virtualization technologies to adopt, users should demand open source and open standards for two major reasons.

First, open source delivers feature velocity and innovation. Proprietary vendors need to develop everything themselves, from the mundane to their own market differentiators. Open source

Open and Secure Virtualization


DESKTOP VIRTUALIZATION IS PERHAPS THE MOST IMPRESSIVE COMPONENT OF THE VIRTUALIZATION SOLUTION ARSENAL.

BY TOM SIMMONS


Over the past year or so, the U.S. military has taken a closer look at virtualization technologies. With military thin client initiatives gaining ground within both the Army and the Navy, and with electronic medical records (EMR) mandates coming directly from the White House, virtualization technologies present a secure, cost-effective solution to complex military IT challenges.

When considering virtualization solutions, it is important to note that the term “virtualization” can refer to different types of technologies: application, server and desktop virtualization.

Application virtualization manages applications and licenses independently of the operating system. Applications run in more environments, and security is built in. Application virtualization has been around for years—even decades—and military IT pros are comfortable with this early generation of virtualization technology.

Server virtualization provisions physical servers to act as multiple virtual machines. Because the data center can support more applications and users with fewer physical servers, data center costs and IT management time drop dramatically while the end-user experiences a boost in performance. Server virtualization has been on the IT landscape for a few years now and acts as a key component in some military IT solutions.

Desktop virtualization manages a single “golden image” in the data center and delivers that image to desktops or thin clients. That golden image is housed, along with user profiles, behind the firewall in the data center. Only encrypted pixels and mouse clicks travel over the secure network. Security and performance for mobile and remote personnel improve, and expensive equipment lasts years longer, leading to big savings in the total cost of ownership for the desktop.

Relatively new to the military IT lexicon, desktop virtualization is perhaps the most impressive component of the virtualization solution arsenal. There is already a great deal of interest in desktop virtualization, with pilot programs and proof-of-concept programs well under way.

END-TO-END SOLUTIONS

Depending upon the mission, one particular level of virtualization may provide a meaningful solution. From a strategic, big-picture standpoint, however, end-to-end virtualization solutions—those employing multiple types of virtualization technologies, from the data center to the desktop—can provide the biggest performance and productivity gains and generate the most significant power and equipment savings.

As the military moves forward with IT-based initiatives such as thin clients and EMR, the end-to-end virtualization approach provides the strongest and most secure data infrastructure, with the most robust end-user experience, for the most tangible cost savings available.

Since computing is critical to every military function from the supply office to the front lines, the number of military desktops, laptops and other end devices has exploded. The drains on IT personnel and budget resources to maintain, manage and replace each individual computer have gotten out of hand. Software updates and patches, as well as equipment refreshes, take a lot of time and money in the traditional military computing environment.

The military has already recognized that thin clients—diskless desktop computers that pass most processing and administrative chores to a centralized server—are the key to managing this exponential IT growth. Fewer moving parts and no local storage reduce administrative and energy costs. Security improves as well, since no data actually resides on the end device itself.

The Army’s Thin Client Architecture Standardization for Army Small Computer Program, for example, takes advantage of virtualization technologies to support thin clients. Virtualization brings thin client computing to its highest level by:

• moving most processing and administrative chores to a centralized server;

vendors share upon one another’s successes by leveraging similar core technologies. This leveraging focuses a greater percentage of their engineering resources on driving innovation.

When many vendors share the same core foundation, the security of the core code is much more robust and secure than code viewed by a select few. A perfect example of this is SELinux. Vendors that base their virtualization on open source have the option to add the time-tested and robust SELinux MAC efforts made by NSA, Red Hat and others, as opposed to investing engineering resources in inventing parallel security technologies from scratch.

Secondly, open standards lower barriers to exit. By mandating open standards, switching costs are lower and more choices are available, which leads to lower costs, vendor competition and better value. Open standards only work properly when there are open source reference implementations—that’s how users can be sure that the standard is practical, and that they won’t be beholden to a single vendor for compliance.

Even if a proprietary technology has a current market lead in certain areas, users should take care. Open source has a proven track record of rapidly matching proprietary technology features and security robustness—and soon after surpassing them. Nobody is smarter than everybody.

David Egts is a principal solutions architect for Red Hat.

Virtualization: A Mission-critical IT Solution


DEFENSE LEADERS USE VIRTUALIZATION TO REDUCE COSTS, SIMPLIFY THE IT COMPLEXITY AND IMPROVE DEPLOYED OPERATIONAL CAPABILITIES.

BY TIM BLOECHL


I am always amazed at the size and complexity of many of the military networks we support around the world. At Microsoft, we support a growing number of defense organizations that are embracing the power of the Internet, within policy and security constraints, to improve all aspects of their business and operational processes. They all face a common challenge—to meet the needs of a very IT-savvy work force within reduced or no-growth budgets. CIOs and other officials responsible for these military architectures are turning to virtualization as one means to meet this challenge.

We view virtualization as a means to help IT departments maximize cost savings and improve business continuity. These solutions address both physical and virtual infrastructures, and are based on familiar Windows interfaces and work with well-known Windows-based technologies. Because of this standardization, virtualization solutions can be supported by a broad network of experienced Microsoft partners who can rapidly respond to the needs of our customers.

We recently introduced Hyper-V technology with our Windows Server and System Center product, which is used to virtualize IT enterprises. We are finding this technology works very well in supporting the complex nature and size of defense networks. First, it allows IT professionals to optimize their assets seamlessly, centrally managing their physical and virtual resources across multiple hypervisors down to the application level.

Second, the physical reduction of server infrastructures supporting defense networks is a huge win-win for a variety of reasons, including a smaller system to maintain and significant power savings. Third, the technology works with the tools IT staffs already know and use, which certainly helps to simplify deployment. This tends to reduce training requirements and cost across these large military enterprises.

In fact, reducing cost is a major factor in customer decisions to employ virtualization capabilities. We are finding that use of our Hyper-V technology and virtualization server solutions is approximately one-third the cost of competitor solutions. However, we do ensure our solutions work with competing virtualization technologies so our military customers have the flexibility to choose.

CONSOLIDATION SOLUTIONS

Resource utilization is also a key driver in customer decisions to turn to virtualization. It’s an increasingly important topic among defense CIOs who see their operations constrained by poor server and storage utilization. This means there may be over-investments in hardware, and thus wasted space and power usage, not to mention propagating operational inefficiencies. These in turn

• securing data in the data center, behind the firewall, with no sensitive information stored on a vulnerable end device;
• converting outdated desktops and laptops into thin clients;
• enabling access to the latest applications, even from older devices;
• reducing power consumption of military desktops by up to 90 percent; and
• adding years to the life cycle of existing equipment.

Simply put, end-to-end virtualization offers the military a solution to make computing manageable, improve security, reduce costs and boost performance for the end-user.

SECURE DELIVERY

Could the days of servicemembers hand-carrying personal health records to each duty station and to each medical appointment become a distant memory? President Obama says yes, stating in no uncertain terms that all medical records are to be digitized within five years.

The military plays a key role in the implementation of this presidential mandate. The Department of Defense has been challenged to find ways to securely deliver the complex and sensitive records of each servicemember. Unique to the military is the need to deliver these EMR to both military health care installations and to the many private practitioners and specialists also treating servicemembers.

Just as with thin clients, end-to-end virtualization provides a safe, secure solution for delivering all manner of applications and information for EMR. From the data center to the end device, virtualization technologies can build the military’s IT backbone for secure delivery of patient records, including images, to any physician authorized to log on to the secure network. All data still resides safely in the data center, and never on an end device. This provides an added level of security for the men and women who serve our country.

Another unique facet to the military’s EMR mission is the need to migrate the different health record systems of DoD and the Department of Veterans Affairs (VA) to a secure, interoperable system. Today’s active duty servicemembers are tomorrow’s retirees, and a successful military EMR solution must have the ability to make that same transition. DoD and VA are already working together on a virtualization solution that makes it easier to move EMR from one medical system to the other, and more virtualization solutions will come into play as EMR becomes a reality over the next few years.

From thin client initiatives to electronic medical record mandates, virtualization technologies give the U.S. military the right tools to meet their IT missions. Security, savings and performance are all part of the virtualization package that presents military IT teams with an end-to-end data architecture that will work today and well into tomorrow.

Tom Simmons is area vice president for government systems for Citrix Systems.

Virtualization Meets the Challenge


increase costs and lead to negative environmental impacts.

Virtualization technologies help military organizations consolidate data centers, thus reducing costs and improving agility. We work with a wide range of storage infrastructure partners to deliver these data center cost savings through the combination of server and storage consolidation. The end result is minimized capital expenditures, reduced operating costs and improved service levels.

Business continuity is also a major factor considered by CIOs when they turn to virtualization. Implementing a reliable, rapid-recovery strategy can be a time-consuming and expensive affair, requiring redundant server, storage and network infrastructure often in separate locations. Because of this, many defense organizations simply don’t have comprehensive business continuity plans to protect their critical infrastructure and applications.

With virtualization business continuity solutions, CIOs can add high availability and disaster recovery options into their operations. Plus, if they already deploy business continuity for some of the applications they use across their networks, they can use virtualization solutions to extend protection to additional applications.

Service personnel increasingly want access to software applications and data from anywhere or from any device. While this capability may add to their productivity, it can create complexity and higher pressures on cost control for IT departments. Additionally, as hardware theft rises, securing laptop and desktop PCs, and handheld devices, requires significant resources.

We are seeing military IT leaders increasingly considering virtualization as the answer to these challenges. Device virtualization involves decoupling the different computing layers and storing some or all of them in a data center. Through virtualization, defense personnel can access their applications and data very safely over a network, minimizing the risk of data loss. On the IT side, virtualization accelerates deployment of new capabilities without needing to acquire new hardware and configure components. It also helps reduce application testing requirements and compatibility issues and simplifies disaster recovery and compliance.

DEPLOYMENT VIRTUALIZATION

As deployed military forces operate from very austere locations, these remote sites in larger enterprises often have limited to no IT staff and depend on centralized and higher-level headquarters for most IT support. These central locations face various challenges, including reducing hardware and maintenance costs, quickly provisioning new servers, guaranteeing data protection and information assurance, and providing business continuity with maximum uptime.

Virtualization provides tremendous benefits designed to mitigate these challenges. By comparison to commercial business, where remote and decentralized operations can be a way of life, recent Microsoft surveys have found that close to three-quarters of U.S. retailers and a majority of tier-one banks are turning to virtualization to solve their IT challenges.

There are several ways to address virtualization for deployed forces. IT staffs can centralize services where servers and desktops are virtualized at the data center and applications are served to the remote locations over a WAN. Another method is to use a hybrid services approach in which services are centralized with local copies or caching mechanisms available at the remote locations, complemented with use of WAN Optimization technologies.

Organizations can also virtualize servers and desktops locally at the deployed end while managing them centrally from the data center. In the future, I believe we will see a great deal of focus on this latter method as military organizations utilize deployable data centers into operational locations.

There is no doubt our military forces are experiencing the benefits of operating in the information age. The requirement to maintain large defense computer infrastructures and the increasing use of this technology in every aspect of military operations challenge the best CIOs and their IT staffs, who are often asked to do more with less. Virtualization is the method many of these defense leaders are using to reduce costs, simplify the complexity of their IT enterprises, and improve deployed operational capabilities and business continuity. ✯

Tim Bloechl is managing director of worldwide public safety and security for Microsoft.


Contact Editor Harrison Donnelly at [email protected].

For more information related to this subject, search our archives at www.MIT-kmi.com.


Compiled by KMI Media Group staff

Multiplexer Enables Network Speed and Bandwidth

Fujitsu Network Communications, a supplier of optical and wireless networking solutions, has announced the general availability of second-generation 40 Gbps interfaces for its Flashwave 7500 reconfigurable optical add/drop multiplexer (ROADM). Utilizing an innovative adaptive differential phase shift keying modulation scheme and Fujitsu-patented Variable Dispersion Compensation, the units enable network growth up to 1.6 Tbps of capacity to help customers meet ongoing demands for increased speed and bandwidth. Three new 40 Gbps units are now available for the Flashwave 7500 ROADM, including the 40 Gbps Transponder, 4:1 Muxponder, and 40 Gbps Regenerator. Primarily intended for 40 Gbps core router interconnection services, the 40 Gbps Transponder provides a full-band tunable network interface and an OC-768 client interface. Supporting four 10 Gbps client interfaces, the 4:1 Muxponder provides an efficient method for aggregating 10 Gbps traffic and quadrupling the capacity of existing 10 Gbps-based networks. The 40 Gbps Regenerator provides electrical signal regeneration for long spans, eliminating the cost and complexity involved with the use of back-to-back transponders.

Jenna Cunningham: [email protected]

Receiver Delivers Real-time ISR Video

Harris has introduced the ISR Video Receiver, a portable product that delivers high-resolution full-motion tactical video to individual warfighters for real-time intelligence, surveillance and reconnaissance. The handheld Harris ISR receiver, known as the RF-7800T, provides a next-generation portable ground-based, remotely operated video enhanced receiver (ROVER) for video captured by the military’s growing fleet of UAVs. This is the first video receiver packaged in a standard military-hardened handheld form factor, greatly increasing both portability and survivability in demanding battlefield environments. The RF-7800T is part of an accelerated push by Harris to apply its leadership in software-defined communication systems to deliver ISR video directly to the tactical edge, where it can be viewed, analyzed and acted upon immediately. Harris previously introduced ROVER capability in its high-performance Falcon III AN/PRC-117G multiband manpack radio, targeting customers with dual needs for both ISR information and advanced multimode communications. The handheld ISR Receiver operates in the L-frequency band, and also supports both S-band and C-band. The initial release provides NTSC FM video formatted data. The device feeds video to a local display and is sold with both monocle and tablet display options.

Kevin Aman: [email protected]

Low-latency Solution Enables Bandwidth Efficiency

Comtech EF Data has announced the general availability of adaptive coding and modulation (ACM) for the CDM-625 Advanced Satellite Modem. The patent-pending and unique implementation of ACM is available for the CDM-625 when utilizing the next generation forward error correction VersaFEC. The combination of VersaFEC and ACM delivers significantly lower latency to VSAT users when compared to alternate implementations of ACM using DVB-S2. ACM turns fade margin into increased link capacity by automatically adapting the modulation type and forward error correction code rate to provide the highest possible throughput. ACM maximizes throughput regardless of link conditions. It can also yield higher system availability, at lower throughput, even in severe rain fading conditions. VersaFEC was designed to provide maximum coding gain at the lowest possible latency for both constant coding and modulation and ACM operation. VersaFEC uses a constant number of symbols per frame. When compared to DVB-S2 ACM, which uses a constant number of bits per frame, the combination of VersaFEC and ACM provides a significant reduction in system latency. The new Comtech EF Data low latency ACM solution enables more bandwidth efficiency and increases throughput for IP-based point-to-point applications.

Laptop Features Ballistic Armor Protection

The Latitude E6400 XFR from Dell is engineered to meet the needs of even the most demanding customers in the harshest environments. The system meets a higher drop specification and offers a greater level of dust and moisture protection than any fully rugged laptop in its class. Designed for the military, first responders, oil and gas environments, manufacturing floors, field technicians, and homeland security, the Latitude E6400 XFR features the Dell-exclusive Ballistic Armor Protection System featuring PR-481, which leverages a high-strength substance used for applications such as cryogenics, aircraft components, military equipment and medical devices. The Latitude E6400 XFR also features PrimoSeal Technology to enhance protection from dust and liquid with compression gaskets. The fully rugged laptop is engineered and independently tested to more than 13 military standards for operation in challenging environments. It shares common images and components with the Dell Latitude E6400 laptops for easy integration into existing environments and enables low ownership costs.


MIT CALENDAR & DIRECTORY

CALENDAR

August 18-20, 2009: LandWarNet 2009, Fort Lauderdale, Fla., www.afcea.org

August 24-27, 2009: Air Force Information Technology Conference 2009, Montgomery, Ala., http://afitc.gunter.af.mil

September 9, 2009: ComDef 2009, Washington, D.C., www.ideea.com/comdef09/

September 14-16, 2009: Air and Space Conference, National Harbor, Md., www.afa.org

September 22-24, 2009: Biometric Consortium Conference, Tampa, Fla., www.biometrics.org

September 29-October 1, 2009: Modern Day Marine, Quantico, Va., www.marinemilitaryexpos.com

ADVERTISERS INDEX

The advertisers index is provided as a service to our readers. KMI cannot be held responsible for discrepancies due to last-minute changes or alterations.

Cases 2 Go, p. 43, www.cases2go.com

Comtech Mobile, p. 9, www.comtechmobile.com

ForeScout Technologies, p. 11, www.forescout.com

Fortinet, p. 41, www.fortinet.com

Fortress Technologies, p. 29, www.fortresstech.com/landwarnet2009

Fujitsu, p. 33, us.fujitsu.com/telecom

General Dynamics C4 Systems-Needham, p. 5, www.gdc4s.com/secureproducts

General Dynamics C4 Systems-Scottsdale, p. 13, www.gdc4s.com/riflemanradio

General Dynamics C4 Systems-Taunton, p. C3, www.gdc4s.com

Google, p. 27, www.google.com/federal

Harris RF, p. 21, www.rfcomm.harris.com/117g

Inmarsat, p. 3, www.inmarsat.com/government

L-3 Communications East, p. C4, www.l-3com.com

L-3 Communications Global, p. 37, www.l-3com.com

L-3 Communications West, p. 24, www.l-3com.com

Paradigm, p. 19, www.paradigmservices.com

Segovia, p. C2, www.segoviaip.com

Seidcon Inc., p. 26, www.seidcon.com

Smartronix, p. 34, www.smartronix.com

Xtar, p. 17, www.xtarllc.com

US Falcon, p. 28, www.usfalcon.com

KMI Media Group is seeking a full-time CIRCULATION MANAGER

This is a permanent, full-time supervisory position responsible for overseeing KMI Media Group’s circulation department which includes the operation of the circulation system, and scheduling and supervising department staff. Successful candidate will direct circulation strategy and monitor overall performance of services; be responsible for planning and implementing sales and service strategies; and maximize the military and defense industry circulation potential.

Candidates must be innovative, have the ability to develop and manage employees, manage effective circulation marketing programs and be able to define and maintain distribution to qualified readers.

QUALIFICATIONS: Former military and/or defense contractor employment. Position requires computer skills on Excel and Word.

SALARY AND BENEFITS: Salary commensurate with experience. Health insurance and vacation.

CONTACT: [email protected]

GLOBAL NETWORK ENTERPRISE CONSTRUCT (GNEC)

EADS North America, p. 17, www.eads-na-security.com

Juniper Networks, p. C2, www.juniper.net/federal

NCI, p. 11, www.nciinc.com

Safenet, p. C3, www.safenet-inc.com/government

STG, p. 3, www.stginc.com


INDUSTRY INTERVIEW MILITARY INFORMATION TECHNOLOGY

Mike Bradshaw

Director

Google Federal

Mike Bradshaw manages Google’s federal business based in Reston, Va. Prior to joining Google, he spent 15 years at Microsoft as director of the U.S. Department of Defense business. He also worked for IBM and Oracle in the civilian and commercial sectors. Bradshaw has an MBA from The George Washington University.

Q: Google’s search technology is well-known in the civilian world. What unique benefits does your company offer to military and intelligence users?

A: That’s a great question. We are consistently working to adapt our Google.com technology for military and intelligence users. The major unique benefit we offer is our ability to deliver high-quality results in a firewalled environment that is attuned to the special security needs for the military and intelligence technology communities. It’s the ease of use, reliability and relevance that matters, plus the extra security integration. Information that you can’t find is useless, so we work hard to fix that issue for military users.

Q: What are some of the ways in which DoD and the intelligence community are using the Google search appliance?

A: I think the best way to answer this is through a customer example. One Google Search Appliance [GSA] government customer requires instantaneous access to data from 2,500 different data sources to evaluate the location and level of security threats and resources. It’s very important to get as much of the information linked together so that employees can work more efficiently and accurately. It’s a matter of security and safety for people who are using the information. The GSA searches multiple data sources quickly, and end-users now get data that is much more relevant to their searches on threats they were facing. In addition, they were able to start integrating the information with Google Maps and Google Earth, so they not only get back more relevant information, but also can start looking at it in a geospatial context, which makes it much easier to determine where a particular security threat or helpful resource may be.

Q: The company recently released a new version of the search appliance. What enhancements will it offer?

A: We launched the GSA 6.0 on June 2, highlighting the capability to scale to searching more than a billion documents. We’re thrilled with the new version largely because it really helps our users in government with large document counts.

The new 6.0 architecture also allows for really rich linking options within and across government and military organizations. The GSA can work within individual clusters, or it can link different organizations together. We can do it dynamically, unifying data stores then breaking those links if necessary, or leave them together at all times. Let’s say a military group needs to search across a variety of data stores, but individual employees have different levels of access to info. With the granular controls, the GSA can serve up the results that are most relevant to each employee, while staying true to individual security access levels. It’s just a really dynamic setup that gives great control to the admin. This kind of flexibility and control is critical in the military and intelligence world. So it’s a very exciting new architecture for us, because of the scaling potential and dynamic results.

Q: What do you see as the future for cloud computing in the military/intel sphere?

A: I think there is a serious future for cloud computing within DoD, particularly with utility applications that have become mainstream and critical for office productivity, such as e-mail or word processing. It makes no sense for DoD to have in-house experts on word processing or spam filters when Google can leverage existing expertise on those tools. Part of the reason cloud computing is such a smart move for government also is its impact on budget—agencies and large organizations save significantly by adopting cloud tools like Google Apps due to economies of scale, and they get consistent innovation at the same time. Because Google Apps are hosted on the Internet [hence, cloud], Google can add updates, security fixes and applications immediately. There is no need to wait for patches/software to be downloaded and deployed, which can take time and makes an organization vulnerable in the interim. Cloud computing solves that issue.

Also, when the customer (like DoD) doesn’t have to worry about spam in employee e-mail, the customer can better focus on its core mission—bringing on IT people to do more innovative work. Essentially, cloud computing can save DoD [and anyone else] time and money, as well as opening up a channel for increased technological innovation. So I think the future is bright.

Q: Is there anything else you would like to add?

A: I’d just add that Google is very much committed to working with the government—that’s why we opened a second Washington, D.C.-area office in Reston. There are many more Google tools we could talk about, but I guess they will have to wait for the next interview! ✯
