DISA to establish safe haven outside the Internet

The Defense Information Systems Agency is developing plans to cordon off its unclassified networks from public Internet access.

The Defense Information Systems Agency plans to cordon off its unclassified networks from public Internet access, creating a "demilitarized zone" isolating Web-based servers and applications from other defense systems.

The DISA procurement budget for fiscal 2011 includes $6 million to construct a bypass around public Internet portals for users of the Unclassified but Sensitive IP Router Network (NIPRNet), according to govinfosecurity.com. The DMZ would eliminate “the need for most DOD assets to directly connect with the public Internet, which greatly reduces its surface and exposure to attacks,” the DISA budget stated.


For Related Story

All-seeing security program spreading throughout DOD


The DMZ was designed to provide an infrastructure to implement data segregation to protect private, controlled and classified data from publicly accessible information, according to the budget description.

The funding will procure hardware and software to move Web-based application servers into the DMZ. “These servers separate networks that should have access to the Internet from those that should not,” the budget stated.

The project is part of DISA’s Information Systems Security Program (ISSP), for which $14.6 million total was budgeted for 2011. Other projects under ISSP include nearly $1.8 million for its host-based security system to counter cyber threats on Defense Department  computers and “accomplish configuration and management control across all endpoints,” the budget stated.

Other funding includes:

  • $2.3 million to bolster DOD’s classified Secure IP Router Network (SIPRNet) firewall against external attacks.
  • $2.2 million for Insider Threat capability that addresses potential internal attacks.
  • $2.5 million for the Cross-Domain Enterprise Service to securely transfer information between NIPRNet and SIPRNet and to safely disseminate information while reducing costs.