Army puts up its defenses

Army information technology officials started the Fort Campbell Network Upgrade in December 2003. They will complete the project in two parts: clients/servers and physical network, according to James Webb, director of the Directorate of Information Management at Fort Campbell, Ky.

The ongoing client/server portion includes computer workstations and servers operating Microsoft Corp. Windows XP and Active Directory, but he declined to comment further on the work, including the types of hardware and software installed, citing security concerns. "It's a joint effort between the soldiers, civilians and contractors assigned to Fort Campbell," Webb said.

He said work on the physical network will start in November and comes under the Army's multibillion-dollar Installation Information Infrastructure Modernization Program, which improves bandwidth for crucial service sites.

Army IT and industry officials at the Network Enterprise Technology Command (Netcom) oversee the operation and protection of Army networks at Fort Huachuca, Ariz., and Fort Belvoir, Va. Webb oversees IT operations at Fort Campbell. He answered questions in a statement but declined an interview with Federal Computer Week.

In May, Army IT officials started devising a servicewide information assurance plan to boost protection of the service's IT assets. Col. Thaddeus Dmuchowski, director of information assurance at Netcom, said Army IT officials want to develop a strategy that treats all systems as part of a cohesive enterprise, rather than securing each system individually.

Also in May, Army IT officials began studying current and future forms of computer network attacks in preparation for a multimillion-dollar information assurance procurement to fortify networks that could come as early as next year. Joe Capps, director of the Enterprise Systems Technology Activity at Netcom, said service IT officials would finish the work detailed in a requirements document that identifies products ready or in development in early 2005.

Last month, Boutelle said Gen. Peter Schoomaker, the Army's chief of staff, issued a directive to service commanders on five steps they can take to improve computer security at their installations. He said the document's topics range from ensuring that information assurance vulnerability alerts are issued to installing antivirus software and persuading employees to use unique passwords.

Army officials approved the computer security procurement because the service needs secure domestic networks to support the more mobile, rapidly deployable forces now in development.

"Lessons learned from Operation Iraqi Freedom and Operation Enduring Freedom continue to highlight the successes and potential of

network-enabled operations," said Schoomaker and Les Brownlee, acting secretary of the Army, in an article titled "Serving a Nation at War: A Campaign Quality Army with Joint Expeditionary Capabilities" published this summer by the Army War College.

"The operational advantages of shared situational awareness, enhanced speed of command and the ability of forces to self-synchronize are powerful," they wrote. Therefore, military officials must change the way they think about networks. "Operators must see themselves engaged at all times, ensuring the health and operation of this critical weapons system."

Boutelle said anyone doing business with the Army should read the document. It explains how service officials will train and equip soldiers to wage the war on terrorism, he said.

Eugene Spafford, a Purdue University professor and an expert in information security, said government IT officials continue to struggle with securing fundamentally unsafe systems and networks. He said they too often buy products based on cost rather than quality.

To fix the problem, Spafford recommends significantly enhancing the country's IT research and development abilities to better plan and implement cybersecurity for the long term rather than devoting attention to near-term patching.