Navy Seeks More Control of its Expansive Computer Network
The Navy/Marine Corps Intranet — NMCI — is bigger than anything the Army operates, or the Air Force. Or even the Defense Department.
It is second only to the Internet itself in terms of scale.
Now, the Navy has plans to make it even bigger.
“The resources look to be declining and all the security needs and the appetite keeps increasing,” said Brian Broene, the Navy’s deputy director of network operations. “We want to be better able to command and control our networks.”
Some 700,000 sailors, marines and civilians spread out across the United States, Japan and Puerto Rico rely on the Navy’s intranet every day.
The service is in the beginning stages of a program that will add its overseas land-based users to the network while allowing it to take more day-to-day control of the system from its contractors. The Navy hopes to complete the Next Generation Enterprise Network in the 2016 time frame, although that date is not set in stone.
What the Navy has now is the envy of the other services. In the late 1990s, it had thousands of stove-piped nodes. Naval Supply Systems Command, for example, ran its own network. Naval Air Systems Command did as well. There were some networks that existed in only one building. Others connected to the Web through local Internet service providers. The fragmentation meant the Navy did not have a handle on how much money it spent on its information technology infrastructure. It couldn’t enforce security measures across the domains and it posed a barrier to the increasingly important trend toward net-centric operations, where the four services could share information more seamlessly.
Navy leadership came to the realization that it had “no command and control over its command and control,” said Broene.
The process to bring it all together under one virtual roof began in 2000 and was largely completed by 2006.
The NMCI program provides IT services to about 2,000 locations in the United States, Puerto Rico and Japan. That includes 400,000 “seats,” which is IT-parlance for any device that is a portal to the network, including BlackBerries, wireless PC cards, laptops and desktops.
That comes to more than 33 million emails per week and 595 million browser transactions per day for a total of 10 terabytes of data traveling over the network per day. And that is just the land-based users. The service has two other programs for overseas bases and ships at sea.
NGEN, pronounced “engine,” will give the Navy further control and consolidation of its network, which has traditionally been left in the hands of contractors such as Hewlett-Packard, which bought the project’s original contractor EDS in 2008.
The Defense Information Systems Agency, DISA, provides the long-haul communications for the network. But bandwidth is shrinking, noted Broene.
The amount needed to handle all the traffic is growing at about 20 percent per year, said Broene. There was a time when sailors couldn’t log onto popular websites like YouTube or Facebook. But Defense Department and Navy leadership saw access to so-called recreational websites as a quality of life issue, and lifted the bans. But that spiked Internet usage.
Broene said NGEN will allow the Navy to at least prioritize access to such sites and ensure that the “business” side is available when needed.
“That takes precedent over a YouTube video of Bruce Springsteen playing a concert at his daughter’s school,” he said. “We want the ability to manage [the network] in real time.”
NGEN will also allow the Navy to build security architecture into the system. Programs designed to protect the network from cyber-intrusions have traditionally been “added on,” he said. The new goal is an architecture that allows programs and applications to be integrated more easily — a plug and play capability, Broene said.
As the cyber-threat grows, security is of paramount importance.
The NMCI is somewhat of a double-edged sword, HP security experts said during a tour of the Norfolk operations center. It’s a big target for those who are trying to infiltrate a U.S. military network. But it’s also a big piece of flypaper that can gather data on the latest types of intrusions.
Aaron Madril, an HP computer network defense expert at the Norfolk network operations center, said the NMCI receives the latest security reports from vendors such as McAfee, and then fine tunes its defenses based on that data. It also collects reports on attacks against the NMCI, and adds that to the knowledge base. Most attacks are thwarted quickly. More serious infiltrations are passed on to a special group that reacts to any damage and fixes vulnerabilities. A forensic team gathers information about the serious attacks and sends the reports to law enforcement and intelligence agencies.
Hackers are looking to either exfiltrate data or launch denial of service attacks. The consolidated network allows the Navy to protect against these events both by “tuning” the network to known threats and by looking for anomalies that may indicate an unknown threat, also called a zero-day vulnerability.
There are four Network Operations Centers where the enterprise is monitored for such activity: Pearl Harbor, Hawaii; San Diego; Quantico, Va.; and Norfolk. The dispersed centers allow operations to be transferred from one site to another in the event of an emergency such as hurricanes or earthquakes, both of which recently struck Virginia. When Pearl Harbor was threatened by tsunamis in the wake of the Tohoku, Japan, earthquake in March, its workload was transferred to the other three centers.
HP employees keep tabs on the health of the network on big screens. Non-security issues such as malfunctioning servers will show up on monitors. Having 1,000 emails stuck in a queue at the Washington Navy Yard, for example, may indicate that a server is not working properly. In that case, a technician there may be dispatched to look it over.
Other drops in service may mean something more nefarious like a denial of service attack.
“You have to understand your baseline,” said Tom Lerach, HP’s director of Defense Department cybersecurity. “You have to have a clear understanding of what’s normal and that’s very tricky. There is so much more art than science to it.”
HP devised its own monitoring device, the Real-Time Performance Monitor, or RPM icon, which resembles a fuel gauge in a car with a needle that points up when servers are operating as they should, and points down when they are less efficient.
That makes it easier — green is good and red is bad — for those monitoring the network.
It is an example of an in-house solution that is made necessary by the scale of the network. Commercial off-the-shelf software simply is not an option for such a large enterprise, said Ernest Bartley, HP’s liaison for Navy operations.
Along with monitoring the health and security of the network, HP also provides the Navy with a help desk that responds to calls from customers that are having issues connecting to it.
Pat Tracey, vice president of industry development for HP Enterprise Services, U.S. public sector division, said the Navy is moving the enterprise away from the contractor-owned, contractor-operated model to a government-owned, contractor-operated model.
Tracey was a vice admiral in the Navy at the beginning of the process in the late 1990s when the switch was being made.
“There was a recognition that operations writ large are network dependent today. They are not just network enabled,” she said. “The network is as much of a platform for war fighting success as any of the kinetic platforms are,” she added.
There is a maturing view in the Navy that the cyberdomain is a warfare domain, she said.
Yet, for the service to take more control of the network, it must have the expertise in its ranks to do so.
The Air Force is widely seen as being out ahead of the other services as far as developing its cadre of cyber- and IT experts. It began its career field much earlier than the other services, including the Navy, which was mostly renowned in computer circles for its cryptologists.
Bartley said part of the HP contract includes the training of about 30 to 60 sailors and marines each year who learn network operations in rotations at the four centers, and are then sent out into the field. When their training is complete, they may be deployed aboard ships, which, because of their nature, must operate their own independent self-contained networks.
Navy leadership recognizes the need to grow that kind of expertise internally and to not depend completely on contractors, Tracey said.
“They want to be able to evaluate the readiness of the network and understand its impact on operations that may be under way that depend on the network,” she said.
The other side of the coin is that the Navy’s push a decade ago to consolidate all of its networks was largely completed five years ago. The Air Force and Army are not anywhere near that far along, she said.
The consolidated operations also allow for better security, she added.
The Navy “invested in a simpler environment so they can address security in a more agile way than is possible in the Air Force and Army,” she said. It is a “standard of security that is not matched in the unclassified area by any other network of this size in DoD.”
Broene said HP “is learning how we do command and control and we’re learning from them the best practices for managing networks.”
He added: “We have got our arms much better around our ability to command and control networks instead of just turning them on and running them or having some contractor provide you with service.”