Operational Excellence for the Warfighter


The “New Normal”: DoD's Cyber Revolution

The Department of Defense (DoD) depends on the use of the Global Information Grid (GIG) of classified and unclassified networks for command and control as well as for routine business. Today, one of the fundamental challenges for DoD is to accommodate the irrepressible demand for new efficiencies in information sharing and collaboration while ensuring the defense of the networks against the growing number of sophisticated cyberthreats that have the potential to deny, disrupt, degrade, or destroy communications.  Simply stated, the network must always be available.  It cannot fail.

The GIG is a continually contested domain. DoD must consider cyber threats upfront and always as it builds and operates the GIG.

“Gaps in the readiness capabilities of the networks must be treated as being as important as gaps in a weapons platform.”
Brigadier General John Davis, Deputy Commander, JTF-GNO.

Even the NIPRNet [Non-Secure Internet Protocol Router Network] and its local network extensions must be treated in the same way as other components of assured DoD computing. They must all be reliable and redundant in connections and power, rigorously protected and defended from penetrations and denial-of-service attacks, and consistently guarded on a 24x7 basis. There is no choice.

So, DoD must make some changes in how the GIG is used, managed, and defended. The old way of doing business is being replaced with a new style of conduct, culture, and capabilities that must be developed and inculcated in the actions and habits of all users of the GIG.

Establishing this shift in the posture of how the network is operated and defended - and changing the way the GIG is used on a day-to-day basis - are not simply matters of enhanced technologies or increased capabilities. They require a change in priorities and resourcing. Most importantly, they require a change in the mindset and accountability of the broad community of users of the GIG.

The global cyber revolution challenges the Department to accept the fundamental premise that a new balance is required in DoD's culture, conduct, and capabilities in order to deter threats against the GIG and to assure it's always available. We must reassess DoD-wide priorities in areas such as personal versus official use of the GIG, operational needs versus network security, compliance versus accountability in GIG usage, and 'permitting' versus 'restricting' Internet access from the GIG.

The GIG

The GIG is a patchwork of systems forced to connect to one another that are moving toward more homogenous governance. The GIG includes more than 15,000 local and regional networks with approximately 7 million IT devices used by 48 DoD organizations with different command authorities, including the four DoD military services, 10 combatant commands, and 34 agencies and field activities.  



Everyone must be cognizant of the global risk in the way they use information technology and the network it rides on. End-to-end connectivity between millions of devices creates millions of points where risk decisions are made. Users must make sound decisions about when, how, and for what they use the network because their actions may be responsible for creating a vulnerability or allowing an adversary to exploit a vulnerability.

A vulnerability accepted by one creates vulnerability for all on the network. Tied to this is the notion of accountability and responsibility to ensure each decision about the network is correct. The Department must ensure that appropriate policy exists, that users are properly trained, and that users are disciplined if they don't follow the policy. This is a commander's responsibility. It is about increased accountability. Commanders will be held more accountable than in the past for maintaining the operational capability and protection of the network. To gain greater recognition and to put additional focus on the importance of the commanders' responsibilities, inspections of the GIG, called Enhanced Compliance and Validation Visits, have been renamed Cyber Operational Readiness Inspections. The idea is to change the culture concerning these inspections and to make them equivalent to the long-standing operational readiness inspections - the results of which significantly influence the performance evaluation of the commander.

In a global economy, the DoD must engage globally, but we can limit the risks that come with exposure, mitigate the impacts, and harden the defense of critical information associated with national security. The job of the person making the risk management decision is to find the right balance between operational expediency and global network security.

The DoD recognizes that change is necessary. We have identified what cyber-security should look like in the future, and the commander of U.S. Strategic Command is shaping DoD's “new normal” at a strategic level. It takes a network of people and organizations to operate and defend a network. Sometimes multiple chains of command are involved, and they're not always synchronized, so we will clear up the lines of command and control to increase the speed with which we can 'see,' report, and take action to protect and defend the network in real time. This means more automation and fewer conflicting processes.

A whole range of transition actions are required.  DISA's role is to deliver the capabilities and services to enable the necessary changes to create the “new normal”. 

DISA is strengthening the network perimeter by building demilitarized zones at the boundary between DoD and the Internet.  These DMZs, as they are called, will host all DoD services that 'face out' to partners and the public.

DISA is also deploying capabilities to harden the inside of the GIG.   For example, the host-based security system (HBSS) attaches a management agent to each host (server, desktop, laptop) for end-point security across the DoD enterprise. The system is managed by local administrators and configured to block known bad traffic, using an intrusion-prevention system and host-level firewall. HBSS will improve situational awareness of the computing inventory and configuration on our network.

However, HBSS is not a comprehensive solution for network security. Layers of defense are required and achieved through additional technology, multiple practices and improved procedures.  Recently, all DoD personnel were required to complete a seven-session series of online training modules on network security.

DoD is moving steadily and decisively to change culture and conduct and to develop capabilities that enable the Department to operate in all conditions in an ever more cyber-dependent and cyber-challenging world. This requires the attention of every person who uses the DoD network. It is and must remain a team effort.