Air Force discusses its networking woes

MONTGOMERY, Ala.— The Air Force will revamp its network and systems operations in the coming years, with plans calling for everything from outsourcing more than 10,000 jobs in the information technology work force to adopting hardware and software standards and integrating worldwide networks into a seamless communications grid.

In an unusually frank and public panel discussion earlier this month at the annual Air Force Information Technology Conference, top Air Force IT officials detailed the service's shortcomings in developing the kind of smartly configured networks needed to provide the information to support the Air Force's Global Reach, Global Power mission well into the next century.

Lt. Gen. William Donahue, the Air Force's director of communications, said computer and communications networks will become even more vital to the Air Force as the service reconfigures its flying squadrons into globally deployed expeditionary aerospace forces that are dependent on systems that can "reach back" to the United States for mission-critical information.

Donahue said the importance of IT to the Air Force mission demands that "we operationalize and professionalize our networks.... If we're going to treat information systems as weapons systems, then [we cannot run them] as a hobby shop."

But Donahue said the service has a way to go in meeting these goals. Currently, Donahue said, "we do more damage to ourselves than the hackers" through a lack of standards and professionalism, such as misconfiguring routers or sending huge files to everyone on a global address list.

Donahue said his plans include outsourcing Air Force network operations. "We will do it when it makes sense to do so...including operation of [network operations centers]." Donahue said that eventually the Air Force could outsource some 11,000 civilian and military jobs, leaving the service's tight IT talent pool to concentrate on "military-essential functions," including networks on bases that support aircraft squadrons.

Donahue said the Air Force has no intention of simply outsourcing jobs on a one-for-one basis so that the service ends up replacing "a $50,000-a-year enlisted man with a $150,000-a-year contractor." Instead, Donahue said, the Air Force wants contractors to help the service find "new and innovative ways to do our business."

Donahue said the Air Force has concentrated its outsourcing studies on noncombat commands such as the Air Education and Training Command and the Air Force Materiel Command. Col. Hanks Daries, AETC's IT chief, said the command plans to run a pilot seat management program next year. In seat management, also known as desktop outsourcing, organizations turn over the management of the network and systems in their desktop environment to an outside contractor.

Configuration Control

To help the Air Force standardize its networks, Donahue urged the adoption of a rigorous "configuration control process" that eventually should ensure that systems at bases worldwide all run standard software and hardware, making training and trouble-shooting easier and less expensive.

The service took this approach by adopting only Microsoft Corp.'s Exchange as the Air Force Defense Message System standard "because we cannot afford to train people on different messaging agents," Donahue said.

Col. Gil Hawk, commander of the Air Force Communications Agency (AFCA), said the service needs to standardize its architecture "to reduce the total cost of ownership." Hawk added that this effort includes standardizing desktop computer software, and if this approach means choosing one commercial product over another, "so be it."

Hawk said a lack of adherence to standards has led to an unmanageable proliferation of communications and computer hardware. A recent survey showed that the Air Force owns 59,000 kinds of devices. Attempting to maintain such a pool of disparate equipment is neither cost- nor mission-effective, Hawk said.

Ultimately, the Air Force envisions a base-level global "communications grid" that would make it possible for Air Force bases worldwide to exchange information.

John Gilligan, Air Force program executive officer for battle management, said the major problem the Air Force has to overcome is the large number of independent technical communities that have developed their own unique IT systems and networks.

A study conducted last fall found that many Air Force bases have hundreds of wide-area and local-area networks that support the connectivity requirements for specific, independent organizations on various bases, Gilligan said.

"Application and infrastructure programs [throughout the Air Force] are not well-integrated," Gilligan said. In addition, there is "no mechanism to integrate Air Force infrastructure programs with other base and major command infrastructure investments," he said.

AFCA's Hawk said Air Force and Defense Department engineers who develop systems that support the department's functional communications— ranging from personnel to medical— "do not work with communicators" in planning how their systems will be installed on bases or supported, maintained and administered on a base network.

Making matters worse, Gilligan said, is that there is "no clear plan" or investment strategy in place to guide the Air Force in how to invest its IT dollars.

But the Air Force has undertaken a massive effort, known as the Base-Level Global Grid Strategy, to address these problems and to lay out a road map for developing an integrated infrastructure, along with an IT investment strategy and a work plan to get the equipment in place.

The basic requirements of achieving a common, global infrastructure include workstations, servers and a communications backbone, according to Gilligan. The Air Force plans to develop an underlying infrastructure with common components that can support any number of programs, rather than installing networks and systems on a program-by-program basis, he said.

"We ought to have application servers that are shared," Gilligan said. In addition, "we want to have reusable components that [serve as a foundation for] the applications, and we want to use commercial applications" as well, he said.

Donahue said the Air Force is looking at centrally managing large-scale server farms or even installing them in mainframe megacenters operated by the Defense Information Systems Agency rather than locally maintaining them at Air Force sites.

Internal Threats

Attendees here at the panel discussion, which was chaired by Donahue and featured top managers from all the Air Force commands, peppered the panel with numerous questions about hacker attacks on networks. But the panelists agreed with Donahue that the greatest threat to the integrity of Air Force systems resides inside the Air Force, not outside.

Col. William Lord, chief of computers and communications at the Air Combat Command, which operates the Air Force's high-performance fighters, said his command successfully resisted more than 200 hacker probes in July. But, he added, "we managed to take ourselves down a couple of times" in the same period due to poor network procedures and management.

Lord said misconfiguration of networks leads to situations that give "the bad guys" easy entry into Air Force networks. "We need to manage [the Air Force] better on our networks.... Sometimes the leak is right on top of the server."

The panelists also expressed concern over cases in which network and systems managers on individual bases ignore a policy that requires all unclassified networks to connect to the "outside" through a firewall. These managers connect their computers to a firewalled network as well as to a nonsecure system, leaving hackers with a "back door" onto the base, according to Hawk.

AETC's Daries said IT managers need to take a "ruthless" approach to such systems by "cutting them off."

Another panelist, Col. Mel Flack of the Air Mobility Command, expressed concern about hackers penetrating a network's front door as a result of poor management practices, such as easy-to-crack passwords. Donahue agreed with Flack, saying he recently encountered easily cracked passwords in a test of Air Force systems in the Pentagon. "We've not only been keeping the front door open, we've been hanging out the welcome sign," Donahue said.