Navy says new intranet will upgrade computer security

[William Knowles <wk () c4i org>]

http://www.govexec.com/dailyfed/0601/062701j1.htm

By Joshua Dean
jdean () govexec com 
June 27, 2001

When the Navy Marine Corps Intranet (NMCI) comes online in mid-July,
the programs entire security infrastructure will be fully operational
and effective, Navy officials said Tuesday.

NMCI is the Navys 5-year, $4.1 billion-effort to outsource the
technology, maintenance and help desk support for over 350,000
desktops and 200 networks. The Navy awarded the NMCI contract to
Electronic Data Systems in October 2000.

Scott Henderson, a systems engineer at the Space and Naval Warfare
Systems Command, outlined the projects exhaustive approach to security
at a press conference Tuesday.

NMCI will use six network operation centers equipped with full-time
security staffs. These centers will govern all network traffic between
NMCIs networks and the public Internet.

The network operation centers will fully isolate the Navy and Marine
Corps from outside networks, Henderson said. The government has
outsourced the infrastructure but has retained the authority to run
the network.

NMCIs security wont end there. Further monitoring will occur at the
regional and command level, and every workstation and server will be
monitored for viruses and outbreaks of malicious code. Under NMCI,
every Navy and Marine Corps server will be moved to server farms
managed and protected by the network operation centers, thereby
limiting access points and reducing security risks.

Currently, the Navy suffers from differing security capabilities at
its various commands, said Henderson. NMCI will unite the Navy under a
single security policy. The Marine Corps already has one.

The Navy has reason to pay close attention to information security.
Last year, the Navy tracked 23,662 possible hacking attempts on its
networks. Thus far in 2001, the Navy knows of 125 successful
intrusions into its systems. While most of those were aimed at Web
sites rather than core business systems, the Navy takes each hacking
incident very seriously, Henderson said.

Most successful hacks could have been prevented had known
vulnerabilities been fixed, Henderson said. NMCIs enhanced security
will make it easier for the Navy to fix known software foul-ups that
hackers typically take advantage during their exploits. Fixing such
vulnerabilities should enable the Navy and Marine Corps to focus on
more advanced information warfare threats, such as those posed by
foreign states or terrorist groups, said Henderson.

NMCI will be the largest Defense Department implementation of public
key infrastructure (PKI), said Henderson. A PKI is used to restrict
computer access to only authorized users as well as to protect and
encrypt data traveling over networks.

EDS stands to earn up to a $10 million performance bonus if Navy and
Marine Corps official s are satisfied with NMCIs level of security.


 
*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*


ISN is hosted by SecurityFocus.com
---
To unsubscribe email isn-unsubscribe () SecurityFocus com.